US Nuclear Agency Hit by SharePoint Zero-Day: Over 400 Orgs Breached as Ransomware Threat Escalates
The U.S. National Nuclear Security Administration (NNSA), a division of the Department of Energy tasked with maintaining and safeguarding the nation’s nuclear arsenal, has found itself at the center of one of the most far-reaching cyber-espionage campaigns in recent years.
The attack began on July 18 and exploited a previously unknown vulnerability in Microsoft SharePoint server software. This flaw granted hackers access to NNSA’s internal infrastructure, raising grave concerns about the security of highly sensitive information.
According to the U.S. Department of Energy, a breach did occur, though the department maintains that the impact was minimal, crediting its use of the Microsoft 365 cloud platform and enterprise-grade security controls. Only a limited number of systems, reportedly holding no classified data, were compromised.
However, independent sources paint a far more alarming picture. Microsoft disclosed that the exploited vulnerability became the entry point for the threat actor group Storm-2603. What initially appeared to be a reconnaissance effort has since evolved into a full-scale ransomware campaign, in which attackers encrypt data and demand payment for its release.
This shift marks a transition from covert espionage to overt digital extortion, with the potential to cripple infrastructure across both public and private sectors.
Dutch cybersecurity firm Eye Security reports that the number of organizations affected by the malicious exploitation of the SharePoint vulnerability has already surpassed 400 — a dramatic increase from the 100 reported just days earlier. Experts warn this may represent only a fraction of the actual scale, as many infections leave behind no detectable traces, suggesting the true number of victims could be exponentially greater.
Among the confirmed targets are the U.S. Department of Education, Florida’s Department of Revenue, the Rhode Island General Assembly, and the National Institutes of Health — all of which detected intrusions and promptly isolated affected servers.
According to NextGov, between five and twelve federal agencies have come under attack, including the Department of Homeland Security. Politico sources corroborate that several government entities were simultaneously targeted. While officials have yet to disclose the full extent of the breach, analysts are already calling it the most significant assault on U.S. government systems since the infamous SolarWinds incident of 2019.