Microsoft SharePoint Attacks Reportedly Affected US Nuclear Weapons Agency: Over 50 Organizations Affected as Per Report

The American tech giant – Microsoft had just recently revealed that hacking groups that are believed to be associated with the Chinese government have been exploiting its SharePoint software via a flaw within it and now, a news report has pointed out that the US nuclear weapons agency – National Nuclear Security Administration was also affected as part of these cyber attacks.

Here’s more about the report.

US Nuclear Agency Affected as Part of Microsoft’s SharePoint Attacks?

According to the news report, the zero-day vulnerability attacks have affected Microsoft’s on-premises versions of SharePoint, and it is said to have hit over 50 organizations. The origin is suggested to have occurred via the combination of two bugs present within the Pwn20wn hacking contest that was conducted back in May 2025. As a result of the flaw, hackers were able to access SharePoint servers remotely, steal data and passwords, and even move into other connected devices too.

Among these, the US nuclear weapons agency that provides nuclear reactors for Navy submarines is also reported to have been affected. However, even though the Microsoft SharePoint exploit has affected the US nuclear weapons agency, no data breach of sensitive or classified information has occurred.

As mentioned, only the SharePoint on-premises versions were affected by the attacks, while the SharePoint Online that is part of the Microsoft 365 cloud service remained unaffected. This is the reason why no data leaks happened when the US nuclear weapons agency was affected as the US Department of Energy makes use of the Microsoft 365 cloud for SharePoint-related works. Thus, the attacks only impacted minimally. To add, the impacted systems are also now being restored. On Microsoft’s side, it has fixed all the versions of SharePoint that were affected.