Foreign Actor Infiltrates Nuclear Facility via Unpatched Microsoft SharePoint App

A foreign actor breached the National Nuclear Security Administration’s (NNSA) Kansas City National Security Campus, exploiting unpatched vulnerabilities in Microsoft’s SharePoint browser-based app. The incident raises concerns about federal IT and operational technology (OT) security protections.

The breach targeted a plant that produces critical non-nuclear components for US nuclear weapons. Honeywell Federal Manufacturing & Technologies (FM&T) manages the campus under contract to the NNSA.

Microsoft attributed the attack to Chinese-linked groups, but a source familiar with the incident claims Russian threat actor involvement. The attackers exploited two recently disclosed vulnerabilities in SharePoint — one a spoofing flaw and another a remote code execution bug.

Experts warn that the breach highlights the importance of securing the systems that protect operational technology from exploits of IT systems. IT/OT convergence and zero-trust gaps are significant issues, as operational environments lag behind traditional IT security practices.

The incident also raises questions about the strategic value of stolen non-classified data, even if there is no evidence that classified information was compromised. The attack’s impact on US nuclear defense systems is a concern, as unclassified technical data could aid adversaries in understanding US weapons tolerances and manufacturing processes.

Source: https://www.csoonline.com/article/4074962/foreign-hackers-breached-a-us-nuclear-weapons-plant-via-sharepoint-flaws.html