A US Department of Energy spokesperson said that on July 18, a Microsoft SharePoint zero-day vulnerability impacted its systems, including those of the National Nuclear Security Administration, which oversees the nation's nuclear weapons stockpile.
"The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored," the department said in an emailed response to Reuters on Wednesday.
According to the US government, “The NNSA works to ensure that the nation's stockpile of nuclear weapons is safe and secure. It also works to ensure the safety of naval nuclear reactors, is the first responder in case of nuclear emergency, and works on worldwide nuclear nonproliferation issues.”
A department spokesperson added that the malware related to the breach had been “isolated to business networks only.”
Blame on Chinese hackers
In a blog post on Tuesday, Microsoft blamed the attack on government-backed Chinese hackers. The company said two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," exploited the weaknesses in its software, along with a third, also based in China.
“We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor,” said Charles Carmakal, chief technology officer at Google’s Mandiant Consulting, in a LinkedIn post.