🚨 Foreign hackers breach US nuclear weapons plant via SharePoint flaws
A major cybersecurity incident has hit the Kansas City National Security Campus (KCNSC), a key US nuclear weapons manufacturing facility, after attackers exploited unpatched Microsoft SharePoint vulnerabilities (CVE-2025-53770 & CVE-2025-49704). The breach, linked to either Chinese or Russian threat actors, exposed the fragile divide between IT and operational technology (OT) systems, raising serious concerns about how digital weaknesses can endanger national defence infrastructure.
Even though the attack targeted IT systems, experts warn that lateral movement could have reached manufacturing environments. This incident highlights the urgent need to extend zero-trust principles beyond IT, ensuring full protection for industrial control and defence systems.
Read more: https://lnkd.in/e-hR8x46
The convergence of IT and OT means one unpatched system can expose an entire nation’s critical operations. Proactive patching, segmentation, and encrypted offline backups are essential to safeguarding what matters most.
🔐 How confident are you in your organisation’s IT/OT zero-trust strategy?
Foreign hackers breach US nuclear plant via SharePoint flaws
-
⚠️ Critical Vulnerability: Foreign Actors Breach US Nuclear Weapons Plant via Unpatched SharePoint
A significant security failure has been exposed at the National Nuclear Security Administration’s (NNSA) Kansas City National Security Campus (KCNSC), a key manufacturing site for US nuclear weapons components.
What Happened: Foreign threat actors infiltrated the KCNSC by exploiting two unpatched Microsoft SharePoint vulnerabilities (CVE-2025-53770 and CVE-2025-49704) affecting on-premises servers. This breach targeted the IT network of the facility, which produces roughly 80% of non-nuclear parts for the US nuclear stockpile.
Key Concerns for National Security:
* IT/OT Crossover: While production systems (Operational Technology/OT) are likely air-gapped, the intrusion raises urgent questions about the lateral movement risk from the IT network into critical manufacturing and process control environments.
* Strategic Data Theft: Whether the actor was a nation-state (attributed by some to Chinese APTs like Linen Typhoon) or financially-motivated cybercriminals (suggested as Russian actors), any compromised unclassified technical data (e.g., requirements, tolerances) holds significant strategic value for adversaries.
* Zero-Trust Gap: The incident highlights a systemic issue: the lag in applying robust Zero Trust frameworks to critical OT environments compared to traditional IT networks, demanding a comprehensive, unified approach to securing the federal enterprise.
This breach underscores the critical need for immediate patching, stringent vulnerability management, and accelerated IT/OT security convergence to protect the physical systems underpinning national defense.
Read more: https://lnkd.in/e-hR8x46
#CyberSecurity #NationalSecurity #ITOT #SharePoint #Vulnerability #CriticalInfrastructure #ZeroTrust
-
Increased targeting of the nuclear energy sector by foreign actors underscores the need to further solidify federal IT/OT security protections. Resecurity’s researchers identified that while Chinese groups appeared to have developed and deployed the initial zero-day, financially motivated foreign actors may have independently reproduced the exploit before technical details began circulating in late June. On July 22, the National Nuclear Security Administration (NNSA) confirmed it was one of the organizations hit by attacks enabled by the SharePoint flaws. “On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy,” a DOE spokesperson said. Resecurity’s analysts observed early-stage scanning and exploitation activity from infrastructure located in Taiwan, Vietnam, South Korea, and Hong Kong, a distribution pattern consistent with tactics used by Chinese advanced persistent threat (APT) groups to disguise attribution. https://lnkd.in/e-hR8x46 #apt #cybersecurity #china #cybercrime #cyberrisk #criticalinfrastructure #darkweb #espionage #hacking #energy #nuclear #threatintelligence #threathunting #vulnerability
-
Although it is unclear whether the attackers were a Chinese nation-state actor or Russian cybercriminals — the two most likely culprits — experts say the incident drives home the importance of securing systems that protect operational technology from exploits that primarily affect IT systems.
A foreign actor infiltrated the National Nuclear Security Administration (NNSA)’s Kansas City National Security Campus through vulnerabilities in Microsoft’s SharePoint browser-based app, raising questions about the need to solidify further federal IT/OT security protections. https://lnkd.in/garF8mcW
-
Foreign Hackers Breached a US Nuclear Weapons Plant Via SharePoint Flaws: Foreign hackers breached the National Nuclear Security Administration's Kansas City National Security Campus (KCNSC) by exploiting unpatched Microsoft SharePoint vulnerabilities. The intrusion happened in August and is possibly linked to either Chinese state actors or Russian cybercriminals. CSO Online notes that "roughly 80% of the non-nuclear parts in the nation's nuclear stockpile originate from KCNSC," making it "one of the most sensitive facilities in the federal weapons complex." From the report: The breach targeted a plant that produces the vast majority of critical non-nuclear components for US nuclear weapons under the NNSA, a semi-autonomous agency within the Department of Energy (DOE) that oversees the design, production, and maintenance of the nation's nuclear weapons. Honeywell Federal Manufacturing & Technologies (FM&T) manages the Kansas City campus under contract to the NNSA. [...] The attackers exploited two recently disclosed Microsoft SharePoint vulnerabilities -- CVE-2025-53770, a spoofing flaw, and CVE-2025-49704, a remote code execution (RCE) bug -- both affecting on-premises servers. Microsoft issued fixes for the vulnerabilities on July 19. On July 22, the NNSA confirmed it was one of the organizations hit by attacks enabled by the SharePoint flaws. "On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy," a DOE spokesperson said. However, the DOE contended at the time, "The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored." By early August, federal responders, including personnel from the NSA, were on-site at the Kansas City facility, the source tells CSO. Read more of this story at Slashdot.
-
From the #Secuuritybeat: SharePoint Zero Days Open Door to NNSA Breach CSO Online reports that foreign hackers used SharePoint vulnerabilities (CVE-2025-53770 and CVE-2025-49704) to breach the Kansas City National Security Campus (KCNSC), which manufactures roughly 80% of the non-nuclear parts in the US's nuclear stockpile. References: 1. https://lnkd.in/eVVyaDu9 2. https://lnkd.in/eamWW-zT 3. https://lnkd.in/efZcsqTD
-
Foreign threat actors infiltrated the Kansas City National Security Campus, a key site that produces most of the non-nuclear components for U.S. nuclear weapons. Hackers exploited Microsoft SharePoint vulnerabilities (CVE-2025-53770 and CVE-2025-49704) to access systems managed by the Department of Energy and the National Nuclear Security Administration (NNSA). While attribution remains unclear — possibly China or Russia — the incident highlights the fragile gap between IT and OT security, showing how a single flaw can endanger national defense. Even unclassified data can carry strategic value in the wrong hands. Source: https://lnkd.in/eQ9fANDE
-
A foreign threat actor exploited unpatched Microsoft SharePoint vulnerabilities to infiltrate the Kansas City National Security Campus (KCNSC), exposing critical non-nuclear components for US nuclear weapons and risking sensitive data theft. Organizations must immediately patch SharePoint vulnerabilities to prevent unauthorized access and protect sensitive nuclear weapons component data. 🔒⚠️ #cybersecurity #databreach #hacking https://lnkd.in/gRTWVstJ
-
Why is Cyber Essentials critical for the Nuclear supply chain? 🔐🔐🔐 Learn more ⬇️⬇️ https://lnkd.in/ebi6qm56 #labdesk #cyberessentials #nuclear Birchwood Park, Warrington Northern Nuclear Alliance #cybersecurity
-
UTEP has been awarded a $500,000 grant to protect nuclear power plants with AI-driven cybersecurity. The money will help researchers build AI tools to spot and stop cyber attacks. The goal is to keep nuclear plants safe and the power grid reliable. This work shows how universities partner with others to defend important infrastructure. Read the full story here: https://lnkd.in/gnrYQvSm If you care about energy safety and AI, follow UTEP News for updates and share your thoughts in the comments. Feel free to share this post with teammates who focus on cybersecurity or critical infrastructure.
-
Interesting to attend a United Kingdom National Nuclear Laboratory event discussing research on digitisation of nuclear power plant with wireless instrumentation. It highlighted the advantages for existing sites where new cabling costs are high and some of the security vulnerabilities. On reflection, much of the benefit can be realised by existing technologies for asset monitoring and one-way remote communication from DCS systems to a tablet, giving operators and maintenance staff visibility of the plant parameters. It also highlighted the need for a common competency framework for OT cyber risk assessors. Is anyone aware of one similar to the IET publication on competence of safety-related system engineers in the field of functional safety?