{"id":11874,"date":"2025-07-23T15:03:58","date_gmt":"2025-07-23T15:03:58","guid":{"rendered":"https:\/\/naijaglobalnews.org\/?p=11874"},"modified":"2025-07-23T15:03:58","modified_gmt":"2025-07-23T15:03:58","slug":"us-nuclear-weapons-agency-among-400-organisations-breached-by-chinese-hackers-microsoft","status":"publish","type":"post","link":"https:\/\/naijaglobalnews.org\/?p=11874","title":{"rendered":"US nuclear weapons agency \u2018among 400 organisations breached by Chinese hackers\u2019 | Microsoft"},"content":{"rendered":"<p>\n<\/p>\n<p class=\"dcr-16w5gq9\">Microsoft says Chinese \u201cthreat actors\u201d, including state-sponsored hackers, have exploited security vulnerabilities in its SharePoint document-sharing servers, with research indicating that several hundred government agencies and organisations have been breached.<\/p>\n<p class=\"dcr-16w5gq9\">Hackers have already breached 400 agencies, businesses and other groups, the Dutch cybersecurity company Eye Security said, adding: \u201cWe expect it may continue to rise as investigations progress.\u201d<\/p>\n<p class=\"dcr-16w5gq9\">The majority of the victims are in the US, it found, while Bloomberg reported that the US agency charged with overseeing nuclear weapons, the National Nuclear Security Administration, was among the victims.<\/p>\n<p class=\"dcr-16w5gq9\">Microsoft said it had observed three groups \u2013 the Chinese state-backed Linen Typhoon and Violet Typhoon, and Storm-2603, which is believed to be China-based \u2013 using \u201cnewly disclosed security vulnerabilities\u201d to target internet-facing servers hosting the platform.<\/p>\n<p class=\"dcr-16w5gq9\">Its announcement came amid reports in the Financial Times that Amazon was shutting down its artificial intelligence lab in Shanghai, while the consultancy McKinsey has stopped its China business from taking on work related to AI amid worsening geopolitical tensions between Washington and Beijing.<\/p>\n<p class=\"dcr-16w5gq9\">Microsoft and IBM have recently scaled back China-based research and development projects, as US officials are stepping up their scrutiny of US companies working in AI in China.<\/p>\n<p class=\"dcr-16w5gq9\">Microsoft said in a blogpost that the vulnerabilities were in on-premises SharePoint servers, which are commonly used by companies, rather than in its cloud-based service.<\/p>\n<p class=\"dcr-16w5gq9\">Many large organisations and businesses use SharePoint as a platform for storing documents and allowing colleagues to collaborate on them, and it is regarded as working well alongside other Microsoft products, including Office and Outlook.<\/p>\n<p class=\"dcr-16w5gq9\">Microsoft said the attacks had begun as early as 7 July and that the hackers were trying to exploit vulnerabilities to \u201cgain initial access to target organisations\u201d.<\/p>\n<p class=\"dcr-16w5gq9\">The vulnerabilities allow attackers to spoof authentication credentials and execute malicious code remotely on servers. Microsoft said it had observed attacks where the attackers had sent a request to a SharePoint server \u201cenabling the theft of the key material\u201d.<\/p>\n<p class=\"dcr-16w5gq9\">Microsoft said it had released security updates and advised all users of on-premises SharePoint systems to install them. It warned that it assessed with \u201chigh confidence\u201d that the hacking groups would continue to attack unpatched on-premises SharePoint systems.<\/p>\n<p>skip past newsletter promotion<\/p>\n<p class=\"dcr-rsfwa\">Sign up to <span>Business Today<\/span><\/p>\n<p class=\"dcr-1xjndtj\">Get set for the working day \u2013 we&#8217;ll point you to all the business news and analysis you need every morning<\/p>\n<p><span class=\"dcr-1eusqlu\"><strong>Privacy Notice: <\/strong>Newsletters may contain info about charities, online ads, and content funded by outside parties. For more information see our Privacy Policy. We use Google reCaptcha to protect our website and the Google Privacy Policy and Terms of Service apply.<\/span><\/p>\n<p id=\"EmailSignup-skip-link-11\" tabindex=\"0\" aria-label=\"after newsletter promotion\" role=\"note\" class=\"dcr-jzxpee\">after newsletter promotion<\/p>\n<p class=\"dcr-16w5gq9\">Eye Security said in a press release that it had detected \u201cunusual activity\u201d on a customer\u2019s on-premises SharePoint server on the evening of 18 July. It added that it had subsequently scanned more than 8,000 publicly accessible SharePoint servers around the world and had \u201cidentified dozens of compromised systems, confirming that attackers are conducting a coordinated mass exploitation campaign\u201d.<\/p>\n<p class=\"dcr-16w5gq9\">Microsoft said Linen Typhoon had been \u201cfocused on stealing intellectual property, primarily targeting organisations related to government, defence, strategic planning, and human rights\u201d since 2012.<\/p>\n<p class=\"dcr-16w5gq9\">It added that since 2015 Violet Typhoon had been \u201cdedicated to espionage, primarily targeting former government and military personnel, non-governmental organisations, thinktanks, higher education, digital and print media, financial and health related sectors in the United States, Europe, and east Asia\u201d.<\/p>\n<p class=\"dcr-16w5gq9\">Microsoft said it had \u201cmedium confidence\u201d that the third group, Storm-2603, was based in China, but said it had not established links between the group and other Chinese threat actors. It warned that \u201cadditional actors\u201d might also target on-premises SharePoint systems to exploit their vulnerabilities if its security updates were not installed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft says Chinese \u201cthreat actors\u201d, including state-sponsored hackers, have exploited security vulnerabilities in its SharePoint document-sharing servers, with research indicating that several hundred government agencies and organisations have been breached. Hackers have already breached 400 agencies, businesses and other groups, the Dutch cybersecurity company Eye Security said, adding: \u201cWe expect it may continue to rise<\/p>\n","protected":false},"author":1,"featured_media":11875,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[2239,498,5383,4261,4262,1563,220,5382,1071],"class_list":{"0":"post-11874","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"tag-agency","9":"tag-among","10":"tag-breached","11":"tag-chinese","12":"tag-hackers","13":"tag-microsoft","14":"tag-nuclear","15":"tag-organisations","16":"tag-weapons"},"_links":{"self":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts\/11874","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11874"}],"version-history":[{"count":0,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts\/11874\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/media\/11875"}],"wp:attachment":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11874"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11874"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11874"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}