Microsoft (MSFT) verified during the weekend that its SharePoint document management system, which is located at customers’ sites, experienced a security breach. It has recently been revealed that the impacted entities included the National Nuclear Security Administration (NNSA), an independent agency under the U.S. Department of Energy (DOE).
A Bloomberg article, referencing an individual familiar with the situation, indicated that no confidential or classified data was exposed during the attack on the NNSA. The federal organization is responsible for manufacturing and disassembling nuclear weapons.
The report also statedThat other sections of the DOE were breached. In response to a query from the news media, a DOE representative stated, “On Friday, July 18th, the use of a Microsoft SharePoint zero-day vulnerability started impacting the Department of Energy.”
The department experienced minimal effects because of its extensive use of the Microsoft M365 cloud and strong cybersecurity measures. Only a few systems were affected. All affected systems are currently being restored.
The primary responsibility of the NNSA is to ensure the safety, security, and effectiveness of the nuclear arsenal.
Microsoft’s stockhas endured the cyberattack quite well.
On [date], retail sentiment toward the stock has turned ‘bearish’ from the ‘bullish’ outlook observed a week prior, although the 24-hour message volume has increased to ‘high’ levels.
Sharing further details about the breach, Microsoft mentioned in a blog post on Tuesday that two Chinese state-sponsored hackers, Linen Typhoon and Violet Typhoon, took advantage of weaknesses in internet-accessible SharePoint servers.
The major software company also disclosed another threat group based in China, called Storm-2603. “Investigations into other groups utilizing these vulnerabilities are still in progress,” the statement mentioned.
As a solution, Microsoft advises users to employ “supported versions of on-premises SharePoint servers with the most recent security patches” and to implement and activate the “Antimalware Scan Interface (AMSI) along with Microsoft Defender Antivirus.”
The incident has affected governments, companies, and organizations around the globe, with hackers stealing login details in certain cases, according to Bloomberg.
Several government agencies have been affected, including those of national governments in Europe and the Middle East, along with the U.S. Department of Education, Florida’s Department of Revenue, and the Rhode Island General Assembly.
For the latest information and changes, send an email to newsroom[at][dot]com.
