China-Linked Hackers Breach US Nuclear Weapons Agency In Sophisticated Operation

The National Nuclear Security Administration (NNSA) has been hit by a sophisticated cyberattack that exploited a previously unknown vulnerability in Microsoft SharePoint, and is being widely described by one of the most serious breaches of US defense infrastructure this year. Fingers in the West are pointing to Beijing.

Hackers believed linked to the Chinese government used a zero-day exploit targeting on-premises versions of SharePoint to infiltrate over 50 organizations, including the agency responsible for the Navy’s nuclear submarine reactors. China is vehemently denying the charge.

The NNSA oversees both the production of nuclear reactors for submarines and the maintenance of the US nuclear arsenal. Cybersecurity experts are currently describing what’s known as an advanced remote code execution (RCE) attack.

The vulnerability reportedly affected SharePoint Server 2019 and the Subscription Edition, which allowed attackers to bypass security protocols and execute arbitrary commands on targeted systems, as described in Bloomberg.

The US Department of Energy is well-known to use Microsoft 365 cloud systems for a lot of its SharePoint work. “The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems,” a Department of Energy spokesperson conveyed in a statement to Bloomberg. “A very small number of systems were impacted. All impacted systems are being restored.”

It’s believed the hackers were able to gain unauthorized access, steal data, collect login credentials, and potentially move deeper into connected networks; however, the Department of Energy has claimed no classified or sensitive nuclear data was compromised in the breach.

“A very small number of systems were impacted. All impacted systems are being restored,” the statement continued.

Officials credited the agency’s early transition to Microsoft 365 cloud services for minimizing the impact of the breach, as the vulnerability specifically affected only on-premises SharePoint systems and did not impact the cloud-based platform.

“The department experienced minimal impact thanks to its broad adoption of Microsoft M365 and robust cybersecurity infrastructure,” a DOE spokesperson said.

A Microsoft statement said as follows:

Microsoft says it is investigating the breaches and that it has “high confidence” those responsible will “continue to integrate [these vulnerabilities] into their attacks,” with others reported against government entities in Canada, Brazil, Spain, Indonesia, South Africa, the United Kingdom, and Switzerland.

A significant flaw in a widely used Microsoft product allowed multiple Chinese-linked hacking groups to breach dozens of organizations across the globe, including at least two U.S. federal agencies. https://t.co/JlZkyQPkHC

— POLITICO (@politico) July 22, 2025

And crucially, China’s government is flatly denying anything involvement. China’s Embassy in Washington instead described the allegations as “unfounded speculation” and adding it “firmly oppose[s] smearing others without solid evidence.”

But alarm bells have sounded in Washington, given especially that anything involving sensitive nuclear technology, a complex cyberbreach, and headlines involving ‘China’ is sure to attract attention and quick defensive cyber-action.