Skip to content

U.S. Nuclear Agency Hack Uncovered Through Microsoft Software Vulnerabilities, According to Bloomberg.

Nuclear Regulatory Commission in the U.S. faces cyberattack following a hack on Microsoft's SharePoint for document handling.

U.S. Nuclear Agency Breach Disclosed Due to Microsoft Software Vulnerabilities, Reports Bloomberg
U.S. Nuclear Agency Breach Disclosed Due to Microsoft Software Vulnerabilities, Reports Bloomberg

U.S. Nuclear Agency Hack Uncovered Through Microsoft Software Vulnerabilities, According to Bloomberg.

In July 2025, a series of breaches were reported in multiple countries, targeting on-premises Microsoft SharePoint Servers. The attacks, which involved the exploitation of a zero-day vulnerability (CVE-2025-53770, also known as "ToolShell"), affected more than 100 servers and over 60 organisations across various sectors, including government agencies, energy companies, consulting firms, and universities.

The breaches have been reported in the U.S., Canada, Australia, and other countries, but there is no explicit mention of Middle Eastern national governments or the U.S. Department of Education in the current search results.

Advanced persistent threat (APT) groups, including those linked to China (specifically Storm-1177, Storm-0866, and Storm-2268), have been identified as the perpetrators of these attacks. The hackers used the vulnerabilities to gain initial access, exfiltrate sensitive data, install backdoors, and move laterally within networks. It is important to note that these attacks do not affect SharePoint Online or Microsoft 365, only on-premises SharePoint Server deployments.

Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) have issued emergency security patches and advisories, urging organisations to update immediately to mitigate the vulnerability. The true scale of the breach is still being assessed, but hundreds of organisations are believed to be impacted.

In contrast, the 2021 Microsoft Exchange Server ("Hafnium") incident, which was attributed to Chinese-government-linked actors, primarily involved Exchange Server, not SharePoint. The attack impacted tens of thousands of organisations globally, including many government agencies, educational institutions, and businesses.

Organisations should remain vigilant and apply emergency patches immediately to protect their on-premises SharePoint Server deployments. For the most accurate, up-to-date information on government impacts, refer to official advisories from CISA, Microsoft, and national cybersecurity agencies.

  1. The cybersecurity incident involving the exploitation of CVE-2025-53770, also known as "ToolShell," has raised concerns in the field of technology and general-news, as it highlights the increasing complexities of crime-and-justice in the digital age, with advanced persistent threat (APT) groups being implicated.
  2. Despite the recent series of breaches targeting on-premises Microsoft SharePoint Servers, it is important to note that the 2021 Microsoft Exchange Server ("Hafnium") incident, which primarily affected Exchange Server, not SharePoint, had a much broader impact, involving tens of thousands of organisations globally.

Read also:

    Latest