Hackers exploited flaws in Microsoft SharePoint software to compromise servers at the National Institutes of Health (NIH) and the National Nuclear Security Administration (NNSA), officials confirmed. The breach was part of a broader global campaign that targeted on-premises SharePoint systems, affecting at least 60 organizations across multiple sectors and countries.
An internal email obtained by The Washington Post reveals that attackers compromised one server at NIH and attempted to breach two others. NIH disconnected eight servers from the internet as a precaution. The affected systems hosted sites for the National Institute of Diabetes and Digestive and Kidney Diseases and the Fogarty International Center.
Did the attack compromise any classified information?
The Department of Energy said the breach did not compromise classified materials. A spokesperson said that the agency experienced minimal impact because it used Microsoft’s cloud infrastructure and confirmed that technicians are working to restore affected systems. The NNSA, a semi-autonomous Energy Department arm responsible for nuclear weapons security, confirmed the breach but emphasized that sensitive data remained secure.
Microsoft and cybersecurity researchers attributed the intrusions to several China-linked hacking groups, including Violet Typhoon, Linen Typhoon and Storm-2603. Microsoft reported “high confidence” that attackers would continue leveraging the exploited flaws. The Chinese Embassy denied involvement and warned against accusations lacking evidence.
How severe and widespread was the campaign?
Palo Alto Networks described the vulnerability as “high-severity” due to SharePoint’s integration with platforms like OneDrive and Outlook. Security firm Eye Security said attackers could bypass patches, steal credentials and maintain access even after systems were rebooted. The flaws have been used to breach at least 100 servers, with victims in the U.S., Europe, the Middle East and Asia.
Other compromised entities reportedly included the U.S. Education Department, Florida’s Department of Revenue and Rhode Island’s General Assembly, though not all agencies responded to requests for comment.
Microsoft issued patches in early July and is continuing to investigate the attacks. The company has implemented reforms following prior high-profile breaches and is working with U.S. agencies and cybersecurity firms to harden defenses.
Author: Devin Pavlou
This content is courtesy of, and owned and copyrighted by, https://straightarrownews.com and its author.