Cyber Incident Victim: National Nuclear Security Administration
Date:
Jul 2025
Location:
United States of America
Summary
The U.S. National Nuclear Security Administration experienced a cybersecurity breach through a compromise of Microsoft SharePoint software, as reported by unnamed sources. The incident did not result in the exposure of sensitive or classified information related to the agency's responsibilities for maintaining and designing the nation's nuclear weapons arsenal.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The U.S. National Nuclear Security Administration (NNSA) was identified as a victim of a cybersecurity breach involving Microsoft’s SharePoint document management software, as reported by Bloomberg News on July 22, 2025. The incident was disclosed by an anonymous source familiar with the matter, though the exact timeline of the breach and its initial detection remained unspecified in available reports. Bloomberg indicated the compromise stemmed from vulnerabilities or exploits within Microsoft’s SharePoint platform, which the NNSA used for document management. The NNSA, a semi-autonomous agency under the U.S. Department of Energy responsible for nuclear weapons maintenance and design, confirmed no sensitive or classified information was known to have been exfiltrated or accessed during the incident. No operational disruptions to nuclear weapons systems or critical infrastructure were reported. The breach’s scope within the NNSA’s SharePoint environment—such as the number of affected users, documents, or subsystems—was not detailed in the initial disclosure.
Reuters could not independently verify Bloomberg’s report at the time of publication. The U.S. Department of Energy, which oversees the NNSA, did not provide immediate comment on the incident. Microsoft, the developer of SharePoint, also declined to respond to Reuters’ requests for confirmation or technical details regarding the alleged exploit. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the federal entity tasked with coordinating cyber incident response, similarly offered no public statement. No attribution to a specific threat actor or group was provided in the available reporting. The absence of confirmed data compromise or operational impact suggested the breach was contained before escalating to critical systems or classified repositories. No additional mitigation measures, forensic investigations, or recovery actions by the NNSA or its partners were disclosed in the immediate aftermath of the report.