National Nuclear Security Administration, a Department of Energy arm responsible for maintaining and designing the nation’s cache of nuclear weapons, was among those US agencies breached by a hack of Microsoft’s SharePoint document management software.
Microsoft has identified two groups supported by the 
government, Linen Typhoon and Violet Typhoon, as leveraging flaws in the SharePoint software. Another hacking group based in China, which Microsoft calls Storm-2603, also exploited the SharePoint vulnerabilities.
No sensitive or classified information is known to have been compromised in the attack. Other parts of DOE were also compromised.
“The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored.”
The NNSA has a broad mission, which includes providing the Navy with nuclear reactors for submarines and responding to radiological emergencies, among other duties. The agency also plays a key role in counterterrorism and transporting nuclear weapons around the country.
In addition to the Department of Energy, the hackers have broken into systems belonging to national governments in Europe and the Middle East, the US Education Department, Florida’s Department of Revenue and the Rhode Island General Assembly.
The full extent of the damage isn’t yet clear. The flaws apply to SharePoint customers who manage the software on their own networks, as opposed to on the cloud.
bloomberg.com/news/articles/