Foreign attacker breaches US nuclear weapons factory via unpatched SharePoint flaws

A foreign attacker, who has not yet been clearly identified, has gained access to the IT systems of an important US nuclear weapons factory. Access was achieved via vulnerabilities in Microsoft’s SharePoint server.

Newly discovered gaps

According to a report by CSO magazine, the hack affected the Kansas City National Security Campus (KCNSC) of the National Nuclear Security Administration (NNSA). According to information from security circles, the perpetrators used unpatched vulnerabilities in Microsoft’s SharePoint platform to break into the plant’s IT systems. The affected site in Kansas City, operated by Honeywell Federal Manufacturing & Technologies on behalf of the Department of Energy, is central to the production of non-nuclear components of American nuclear weapons. Around 80 percent of these components come from the factory in Missouri. Because of its importance, the facility is considered one of the most sensitive facilities in the US military.

According to an expert involved in the investigation, authorities discovered the attack in August, a few weeks after Microsoft released security updates for two vulnerabilities on July 19. These were a spoofing vulnerability (CVE-2025-53770) and a remote code execution vulnerability (CVE-2025-49704), which allowed attackers to execute malicious code on on-premises servers. As early as July 22, the Department of Energy confirmed that it had been affected by the attacks, but according to its own statement only to a “minimal extent.”

Speculation about the perpetrators

It is still unclear who is behind the attack. Microsoft traces the wave of SharePoint exploits to three China-affiliated groups codenamed Linen Typhoon, Violet Typhoon and Storm-2603. They are said to have originally been preparing to deploy Warlock ransomware. A source familiar with the incident, however, believes Russian cyber criminals are responsible. The security company Resecurity also reports evidence of Chinese authorship, but does not rule out Russian involvement.

It is possible that Russian actors independently reproduced the attack method after technical details were published in June. Meanwhile, experts warn of possible lateral movement by attackers from IT into the operational technology (OT) networks, which are responsible for manufacturing and control processes. Although the production systems in Kansas City are considered largely isolated, there is no absolute security. “We need to carefully analyze how states could exploit IT vulnerabilities to gain access to industrial control systems,” said Jen Sovada of cybersecurity firm Claroty.