.jpg)
7 hours ago
1
Article content
(Bloomberg) — The US agency responsible for maintaining and designing the nation’s cache of nuclear weapons was among those breached by a hack of Microsoft Corp.’s SharePoint document management software, according to a person with knowledge of the matter.
THIS CONTENT IS RESERVED FOR SUBSCRIBERS ONLY
Subscribe now to read the latest news in your city and across Canada.
- Exclusive articles from Barbara Shecter, Joe O'Connor, Gabriel Friedman, and others.
- Daily content from Financial Times, the world's leading global business publication.
- Unlimited online access to read articles from Financial Post, National Post and 15 news sites across Canada with one account.
- National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.
- Daily puzzles, including the New York Times Crossword.
SUBSCRIBE TO UNLOCK MORE ARTICLES
Subscribe now to read the latest news in your city and across Canada.
- Exclusive articles from Barbara Shecter, Joe O'Connor, Gabriel Friedman and others.
- Daily content from Financial Times, the world's leading global business publication.
- Unlimited online access to read articles from Financial Post, National Post and 15 news sites across Canada with one account.
- National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.
- Daily puzzles, including the New York Times Crossword.
REGISTER / SIGN IN TO UNLOCK MORE ARTICLES
Create an account or sign in to continue with your reading experience.
- Access articles from across Canada with one account.
- Share your thoughts and join the conversation in the comments.
- Enjoy additional articles per month.
- Get email updates from your favourite authors.
THIS ARTICLE IS FREE TO READ REGISTER TO UNLOCK.
Create an account or sign in to continue with your reading experience.
- Access articles from across Canada with one account
- Share your thoughts and join the conversation in the comments
- Enjoy additional articles per month
- Get email updates from your favourite authors
Sign In or Create an Account
or
Article content
No sensitive or classified information is known to have been compromised in the attack on the National Nuclear Security Administration, said the person, who wasn’t authorized to speak publicly and asked not to be identified. The semiautonomous arm of the Energy Department is responsible for producing and dismantling nuclear arms. Other parts of the department were also compromised.
Article content
Article content
Article content
The agency referred questions about the attack to the Energy Department.
Article content
By signing up you consent to receive the above newsletter from Postmedia Network Inc.
Article content
“On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy,” an agency spokesman said in an email. “The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored.”
Article content
The NNSA has a broad mission, which includes providing the Navy with nuclear reactors for submarines and responding to radiological emergencies, among other duties. The agency also plays a key role in counterterrorism and transporting nuclear weapons around the country.
Article content
Hackers were able to breach the agency as part of a 2020 attack on a widely used software program from SolarWinds Corp. A department spokesperson said then that malware had “been isolated to business networks only.”
Article content
Microsoft has blamed Chinese state-sponsored hackers for the attacks, which exploited flaws in its commonly used SharePoint document management software in a campaign that has breached governments, businesses and other organizations around the world. In some instances, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, Bloomberg reported earlier.
Article content
Article content
In addition to the Energy Department, the hackers have broken into systems belonging to national governments in Europe and the Middle East, the US Education Department, Florida’s Department of Revenue and the Rhode Island General Assembly.
Article content
The full extent of the damage isn’t yet clear. The flaws apply to SharePoint customers who manage the software on their own networks, as opposed to on the cloud.
Article content
Microsoft, in a blog post Tuesday, identified two groups supported by the Chinese government, Linen Typhoon and Violet Typhoon, as leveraging flaws in the SharePoint software. Another hacking group based in China, which Microsoft calls Storm-2603, also exploited the SharePoint vulnerabilities, according to the blog.
Article content
English (US)