Foreign hackers breached a US nuclear weapons plant via SharePoint flaws
2 days ago
- #IT-OT-convergence
- #national-security
- #cybersecurity
- A foreign actor infiltrated the Kansas City National Security Campus (KCNSC) via Microsoft SharePoint vulnerabilities.
- KCNSC produces critical non-nuclear components for US nuclear weapons under the NNSA.
- Attackers exploited two SharePoint vulnerabilities (CVE-2025-53770 and CVE-2025-49704), patched by Microsoft on July 19.
- DOE claimed minimal impact due to cloud usage, but federal responders were on-site by August.
- Attribution conflicts: Microsoft points to Chinese groups (Linen Typhoon, Violet Typhoon), while a source suggests Russian involvement.
- Experts warn of potential lateral movement from IT to OT systems, despite likely air-gapping.
- Incident highlights the IT/OT security gap and the need for comprehensive zero-trust frameworks.
- Unclassified data theft could still have strategic value, revealing manufacturing tolerances or processes.
- DOE confirmed it is furloughing NNSA workers due to the government shutdown, a first since 2000.