Chinese Hackers Breach Agency Responsible For Overseeing US Nuclear Weapons Stockpile

A hacking campaign linked with China exploited a flaw in one of Microsoft's servers to breach a US nuclear agency. Image courtesy: AI-generated image via DALL-E

  • Published July 23, 2025 4:51 pm
  • Last Updated July 23, 2025

Microsoft has confirmed that Chinese state-sponsored hacking groups have exploited vulnerabilities in its SharePoint software to infiltrate multiple institutions worldwide, including the US agency responsible for nuclear weapons.

The company named three Chinese-linked groups (Linen Typhoon, Violet Typhoon, and Storm-2603) as responsible for targeting organisations running on-premises SharePoint servers.

The breached organisations include the US National Nuclear Security Administration (NNSA), the US Education Department, Florida’s Department of Revenue, and the Rhode Island General Assembly.

Microsoft has released security patches, but the exploitation campaign has already impacted over 100 servers across at least 60 organisations globally, spanning energy, consulting, academic, and government sectors.

Was classified US nuclear information stolen by China?

The hacking campaign, ongoing since at least July 7, targets vulnerabilities in SharePoint servers that are not cloud-based. According to Microsoft’s blog post and external cybersecurity firms like CrowdStrike, initial exploitation bore the hallmarks of government-backed operations. Over time, the attacks widened and began to resemble techniques linked to Chinese threat actors.

CrowdStrike’s Adam Meyers noted that while early activity suggested a state-directed campaign, it now includes a mix of espionage and broader intelligence gathering. A person familiar with the matter confirmed that although NNSA was breached, no classified information appears to have been compromised. The NNSA oversees the United States’ nuclear weapons stockpile, provides naval nuclear reactors, and handles radiological emergencies.

Beyond the US, national governments in Europe and the Middle East have also been targeted, indicating the campaign’s global scope. Microsoft warned that it has “high confidence” the exploits will continue to be used in further attacks.

How has Microsoft responded to the breaches?

Microsoft has released patches to fix the SharePoint vulnerabilities and is continuing to investigate other threat actors that may be using them. However, concerns over its internal security protocols have escalated after a separate report revealed that China-based engineers were involved in supporting US Department of Defense (DoD) cloud systems.

Following a ProPublica investigation, Microsoft confirmed it had ended the role of China-based personnel in providing technical assistance for US defence networks. The company stated it had updated its support model to ensure that only US-based teams handle sensitive government systems.

The revelations prompted US Senator Tom Cotton to demand a formal inquiry, warning of potential national security risks. In response, the Pentagon has launched an internal review to tighten oversight of foreign personnel involved in maintaining critical systems.

What is China’s response and what does this mean for cybersecurity cooperation?

In a statement, the Chinese Embassy in Washington denied the hacking allegations, asserting that China “firmly opposes all forms of cyberattacks and cybercrime.” It criticised what it called “unfounded speculation and accusations,” urging parties to base conclusions on evidence.

Despite such denials, incidents like this have deepened mistrust in cybersecurity cooperation between China and the US. With Microsoft confirming that its investigation is still ongoing and experts expecting continued exploitation of the SharePoint vulnerabilities, the episode underlines the mounting challenges in defending sensitive digital infrastructure from state-sponsored cyber campaigns.

Written By
RNA Desk

RNA Desk is the collective editorial voice of RNA, delivering authoritative news and analysis on defence and strategic affairs. Backed by deep domain expertise, it reflects the work of seasoned editors committed to credible, impactful reporting.
