The recent cyberattack on the U.S. National Nuclear Security Administration (NNSA) marks one of the most severe breaches targeting critical U.S. defense infrastructure in 2025. Chinese state-linked threat actors exploited a zero-day vulnerability in Microsoft SharePoint to infiltrate over 50 organizations, including those responsible for managing the Navy’s nuclear submarine reactors.

According to the Researcher, the attack specifically targeted on-premises installations of SharePoint Server 2019 and Subscription Edition, exploiting an unpatched deserialization vulnerability and an authentication bypass flaw, initially demonstrated at the Pwn2Own Vancouver hacking contest in May 2024.

The attackers leveraged this exploit chain to bypass authentication mechanisms, gain unauthorized access to internal SharePoint systems, and execute arbitrary code. Once inside, the threat actors could extract sensitive data, steal user credentials, and potentially move laterally across connected systems. However, due to NNSA's ongoing migration to Microsoft 365 cloud services and strong internal cybersecurity defenses, no classified or sensitive nuclear data was reportedly compromised. Officials emphasized that the agency’s cloud-first strategy played a key role in minimizing the breach’s impact.

Microsoft responded swiftly by releasing emergency patches to mitigate the vulnerabilities across all affected SharePoint Server versions. The Microsoft Security Response Center (MSRC) issued a critical security advisory, assigning the exploit chain a CVSS score of high reflecting its severity and ease of exploitation. Organizations using on-premises SharePoint were strongly urged to apply the patches immediately and verify their systems for potential signs of compromise, particularly if they had not updated their systems since the vulnerability disclosure.

This incident underscores the persistent risks associated with on-premises enterprise software and highlights the growing capabilities of advanced persistent threat (APT) groups, especially those backed by nation-states like China. It also reinforces the importance of proactive vulnerability management, timely patching, and transitioning to cloud-based services where security updates can be centrally and rapidly deployed. As supply chain attacks become increasingly common, organizations must enhance their resilience by modernizing infrastructure and strengthening incident response procedures.