Major cyber intrusion targeting United States nuclear weapons agency reported
In a significant cybersecurity incident, the National Nuclear Security Administration (NNSA) has been breached, with Chinese state-sponsored hacker groups allegedly involved in the attack. According to reports by Microsoft and cybersecurity researchers, the suspected groups include Violet Typhoon, Linen Typhoon, and Storm-2603[1][2][3].
## Details on the Suspected Groups
Violet Typhoon, known for its sophistication and focus on critical infrastructure, is a state-sponsored actor that has been active in the cybersecurity landscape[1][2][3]. Linen Typhoon, also known as APT27, Emissary Panda, Bronze Union, and Budworm, has been active since 2012, primarily focusing on intellectual property, government, and defense sectors[2]. Storm-2603 is a relatively new group that has appeared in recent campaigns, exploiting the same SharePoint flaws as the other two groups[2][3].
## Attack Method and Scope
The attackers exploited unpatched vulnerabilities in on-premises Microsoft SharePoint servers, specifically the zero-day vulnerability CVE-2025-53770, to gain remote access without authentication[3]. The campaign was not limited to the NNSA; over 100 organizations globally, including government, energy, consulting, and academic entities, were affected[3]. Although the NNSA and other agencies within the U.S. Department of Energy were breached, no sensitive or classified nuclear weapons information was compromised[1][3][4].
## Official Responses
Microsoft has publicly attributed the attacks to these Chinese state-sponsored groups and warned that exploitation is likely to continue against unpatched systems[2][3]. The Chinese Embassy has denied involvement, criticizing the allegations as unfounded[1][2].
The NNSA, which is responsible for maintaining and designing the nation's nuclear arsenal, for counterterrorism efforts, and for responding to radiological emergencies, has referred questions about the attack to the Department of Energy. No further details about the attack or its impact have been disclosed.
The attack also affected the United States National Education Department, Florida's Department of Revenue, and national governments in various European and Middle Eastern countries.
This incident serves as a stark reminder of the ongoing threats in the cybersecurity landscape and the importance of maintaining up-to-date security measures.
- The NNSA, part of the United States' national security apparatus, has been breached in a significant cybersecurity incident, with Chinese state-sponsored groups such as Violet Typhoon, Linen Typhoon, and Storm-2603 suspected of involvement.
- Violet Typhoon, known for its focus on critical infrastructure, is a state-sponsored actor that has been active in the cybersecurity landscape, while Linen Typhoon, also known as APT27, primarily focuses on intellectual property, government, and defense sectors.
- The attackers exploited unpatched vulnerabilities in on-premises Microsoft SharePoint servers to gain access, with over 100 organizations globally, including government, energy, consulting, and academic entities, affected.
- News reports indicate that the attack also impacted the United States National Education Department, Florida's Department of Revenue, and national governments in various European and Middle Eastern countries.