The U.S. National Nuclear Security Administration (NNSA), the agency responsible for the security of the nation’s nuclear weapons stockpile, was among the victims of a global cyberattack that exploited a vulnerability in Microsoft’s SharePoint software. The breach, which has affected over 100 organizations worldwide, has been attributed by Microsoft to Chinese state-sponsored hacking groups.
The attack, which began as early as July 7, 2025, targeted a flaw in the widely-used SharePoint software, a web-based collaborative platform. While Microsoft released a security patch on July 8, hackers were able to find ways to bypass these initial fixes, allowing them to continue their campaign of stealing sign-in credentials, including usernames, passwords, and authentication tokens.
According to a report from The Seattle Times, while the NNSA was successfully breached, there is currently no evidence to suggest that any sensitive or classified information was compromised. The NNSA is a semi-autonomous agency within the Department of Energy.
Microsoft has identified three Chinese state-sponsored groups, dubbed “Linen Typhoon,” “Violet Typhoon,” and “Storm-2603,” as the perpetrators behind the attack. The Chinese government has denied these allegations, with the Chinese embassy in Washington stating that China “firmly opposes all forms of cyberattacks” and criticizing the “smearing others without solid evidence.”
The breach was not limited to the NNSA. Other victims include a wide range of organizations across various sectors, from government agencies and energy companies to consulting firms and universities, with a geographic spread from the United States to Europe and the Middle East.
This incident has once again brought Microsoft’s security practices under intense scrutiny. A 2024 U.S. government report had previously described the company’s security culture as needing “urgent reforms.” In response to growing criticism, Microsoft has recently hired government security executives and is holding weekly senior leadership meetings to focus on improving the resilience of its software.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been actively involved in responding to the breach and has urged all organizations using Microsoft SharePoint to apply the latest security patches and to be vigilant for any signs of compromise.
This latest high-profile cyberattack serves as a stark reminder of the persistent and evolving threats in the digital realm and the critical importance of robust cybersecurity measures for both government and private sector organizations.
