Edward Kiledjian's Threat Intel

ToolShell Fallout: Chinese Hackers Exploit Microsoft Zero-Day to Breach U.S. Nuclear Agency

A coordinated wave of cyberattacks leveraging a Microsoft SharePoint zero-day vulnerability, now tracked as the ToolShell exploit chain, has compromised over 400 servers globally—including systems within the U.S. Department of Energy’s National Nuclear Security Administration (NNSA). Although the breach minimally impacted the agency, which manages the American nuclear arsenal, it highlights the increasing sophistication and scale of nation-state cyber campaigns. Microsoft and Google attributed the activity to Chinese state-sponsored groups—Linen Typhoon, Violet Typhoon, and Storm-2603—while other actors remain under investigation. Initial detection by Dutch firm Eye Security revealed early signs of compromise as far back as July 7, with subsequent intrusions confirmed at U.S. federal and state agencies, as well as European and Middle Eastern government networks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has responded by mandating immediate remediation of the CVE-2025-53770 flaw.
