Hackers infiltrate nuclear weapons factory using SharePoint vulnerability

It has been revealed that a vulnerability in Microsoft's SharePoint application was exploited, resulting in a data breach at the Kansas City National Security Campus (KCNSC), a subsidiary of the US National Nuclear Security Administration (NNSA).
Foreign hackers breached a US nuclear weapons plant via SharePoint flaws | CSO Online

KCNSC is a facility responsible for the design, manufacture, and maintenance of nuclear weapons, and handles non-nuclear mechanical, electronic, and engineering material components used in the U.S. nuclear defense system.
According to a spokesperson for the Department of Energy, which oversees NNSA, the KCNSC data breach occurred on July 18, 2025, local time, through the exploitation of SharePoint vulnerabilities. The vulnerabilities exploited were a spoofing flaw, CVE-2025-53770, and a remote code execution flaw, CVE-2025-49704. Microsoft
While the data breach targeted the facility's IT department, there are also concerns that the attackers may have gained access to the facility's operational technology systems, namely the manufacturing and process control environment that directly supports the production of weapons components.
A cybersecurity expert interviewed by security media outlet CSO said, 'KCNSC's production systems are likely isolated from the outside world, which significantly reduces the direct risk of data breaches, but this does not necessarily mean that the measures are secure.'

A Department of Energy spokesperson added: 'The Department's extensive use of the Microsoft M365 cloud and advanced cybersecurity systems meant that the impact was minimal. Only a small number of systems were affected and all systems are being restored.'
Several SharePoint vulnerabilities, including the one exploited in this incident, have been discovered, and dozens of servers around the world have reportedly been hit by cyberattacks exploiting SharePoint vulnerabilities since July 18. Microsoft has attributed these attacks to Chinese threat actors.
Microsoft Confirms Two Chinese State-Level Hacker Groups, Linen Typhoon and Violet Typhoon, Exploiting SharePoint Zero-Day Vulnerabilities - GIGAZINE

However, there are also rumors that Russian threat actors were involved in the KCNSC case. According to Resecurity, a cybersecurity firm that monitored SharePoint exploits, a Chinese group may have developed and deployed the original zero-day exploit, and financially motivated Russian actors may have independently recreated it.