China-linked hackers hit US nuclear and health agencies


Summary

Nuclear breach

Hackers exploited flaws in Microsoft SharePoint to breach systems at the National Nuclear Security Administration. No classified data was compromised, officials confirmed.

Health department attack

The NIH disconnected eight servers after confirming a compromise and attempted intrusions. Sites for major NIH programs were affected.

Chinese groups blamed

Microsoft and security researchers linked the breach to China-backed groups including Violet Typhoon and Storm-2603. Beijing denied involvement, citing lack of evidence.


Full story

Hackers exploited flaws in Microsoft SharePoint software to compromise servers at the National Institutes of Health (NIH) and the National Nuclear Security Administration (NNSA), officials confirmed. The breach was part of a broader global campaign that targeted on-premise SharePoint systems, affecting at least 60 organizations across multiple sectors and countries.

An internal email obtained by The Washington Post reveals that attackers compromised one server at NIH and attempted to breach two others. NIH disconnected eight servers from the internet as a precaution. The affected systems hosted sites for the National Institute of Diabetes and Digestive and Kidney Diseases and the Fogarty International Center.

Did the attack compromise any classified information?

The Department of Energy said the breach did not compromise classified materials. A spokesperson said that the agency experienced minimal impact because it used Microsoft’s cloud infrastructure and confirmed that technicians are working to restore affected systems. The NNSA, a semi-autonomous Energy Department arm responsible for nuclear weapons security, confirmed the breach but emphasized that sensitive data remained secure.

Microsoft and cybersecurity researchers attributed the intrusions to several China-linked hacking groups, including Violet Typhoon, Linen Typhoon and Storm-2603. Microsoft reported “high confidence” that attackers would continue leveraging the exploited flaws. The Chinese Embassy denied involvement and warned against accusations lacking evidence.

How severe and widespread was the campaign?

Palo Alto Networks described the vulnerability as “high-severity” due to SharePoint’s integration with platforms like OneDrive and Outlook. Security firm Eye Security said attackers could bypass patches, steal credentials and maintain access even after systems were rebooted. The flaws have been used to breach at least 100 servers, with victims in the U.S., Europe, the Middle East and Asia.

Other compromised entities reportedly included the U.S. Education Department, Florida’s Department of Revenue and Rhode Island’s General Assembly, though not all agencies responded to requests for comment.

Microsoft issued patches in early July and is continuing to investigate the attacks. The company has implemented reforms following prior high-profile breaches and is working with U.S. agencies and cybersecurity firms to harden defenses.

Emma Stoltzfus (Video Editor) and Devin Pavlou (Digital Producer) contributed to this report.

SAN provides
Unbiased. Straight Facts.

Don’t just take our word for it.


Certified balanced reporting

According to media bias experts at AllSides

AllSides Certified Balanced May 2025

Transparent and credible

Awarded a perfect reliability rating from NewsGuard

100/100

Welcome back to trustworthy journalism.

Bias comparison

  • Media outlets on the left frame the breach primarily as a serious security failure at a sensitive nuclear weapons agency, emphasizing vulnerability with terms like “breached” and criticizing officials who “insist that’s no big deal,” spotlighting concerns about government downplaying and broader systemic risks including references to past cyberattacks like SolarWinds.
  • Media outlets in the center uniquely temper these framings by neutrally reporting no compromise of classified data and emphasizing SharePoint Online’s immunity, thus de-emphasizing alarm.
  • Media outlets on the right similarly stress the national security threat but focus sharply on Chinese culpability, using charged phrases like “China-linked hack” and “blames,” creating a narrative of ongoing Chinese cyber aggression that bolsters geopolitical anxieties.

Media landscape

51 total sources

Key points from the Left

  • The U.S. National Nuclear Security Administration was breached due to a hack of Microsoft SharePoint software, according to a knowledgeable source.
  • No sensitive information was compromised in the attack, as per the anonymous individual.
  • Microsoft attributed the breach to Chinese state-sponsored hackers exploiting software vulnerabilities.
  • The Department of Energy reported minimal impact from the attacks due to strong cybersecurity measures and is currently restoring affected systems.

Key points from the Center

  • Unknown hackers exploited a Microsoft SharePoint zero-day vulnerability to breach the National Nuclear Security Administration and other agencies in July 2025.
  • The attacks began on July 18 and followed earlier unnoticed exploitation starting around July 7, targeting self-hosted SharePoint servers vulnerable to CVE-2025-53770.
  • Microsoft and Google identified Chinese state-sponsored groups Linen Typhoon, Violet Typhoon and Storm-2603 as the main exploiters of the vulnerability across government and corporate networks.
  • Researchers identified over 400 compromised servers and at least 148 affected organizations worldwide, while the NNSA reported that only a limited number of their systems were affected and are currently undergoing restoration.

Key points from the Right

  • The National Nuclear Security Administration was affected by a cyberattack targeting Microsoft's SharePoint software, confirmed by a person familiar with the matter to Bloomberg.
  • The Energy Department acknowledged a breach that began on July 18 due to a zero-day vulnerability in SharePoint and reported the impact as minimal, affecting a small number of systems.
  • Microsoft attributed the hacking campaign to Chinese state-sponsored groups, including Linen Typhoon, Violet Typhoon and Storm-2603, exploiting SharePoint vulnerabilities.
  • Officials assured that no classified data was compromised, stating that the department's use of Microsoft M365 and strong cybersecurity systems minimized the impact.

Powered by Ground News™
