Someday the US government will take security seriously, but apparently that is not today. US nuclear weapons agency hacked in Microsoft SharePoint attacks
The bombs were not hacked, but this is still a disturbing story.
This all rests on the back of Microsoft and a problem with one of their bits of software, SharePoint On-Premise.
A Department of Energy spokesperson confirmed in a statement that hackers gained access to NNSA networks last week.
"On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy, including the NNSA," Department of Energy Press Secretary Ben Dietderich told BleepingComputer. "The Department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems."
The hat tip for this goes to Mutahar at SomeOrdinaryGamers and his video The Nuclear Weapons Agency Got Hacked... (I recommend Mutahar's explanation if you want some more detail.)
And for anybody that doesn't know what's going on here, as of like the last couple days, around 400 institutions were actually hacked internationally. Okay, this is a pretty massive hack that's been happening.
The hack was so bad, that Microsoft did something they almost never do. They released an emergency patch and didn't wait for Patch Tuesday.
Now to be fair, the NNSA had procedures in place to detect this intrusion, and lock it down pretty quickly.
Last year I contacted the NNSA about something. The ladies in the front office are incredibly nice and efficient. After a few days of no response, I called for an update. My contact profusely apologized for the delay. She said the delay was by a DDOS. Ultimately, the website I used had crashed.
ReplyDelete