National Nuclear Security Administration (NNSA) Company Cyber Security Posture

energy.gov

Established by Congress in 2000, NNSA is a semi-autonomous agency within the U.S. Department of Energy that protects our nation by designing and delivering a safe, secure, reliable, and effective U.S. nuclear stockpile; forging solutions that enable global security and stability through nonproliferation and counterproliferation; responding to nuclear and radiological emergencies in the U.S. and abroad; providing nuclear propulsion to power a global U.S. Navy; and leveraging transformative technologies to address emerging challenges. The Nuclear Security Enterprise includes: headquarters sites in Washington, DC; Gaithersburg, MD; and Albuquerque, NM; as well as Kansas City National Security Campus in Kansas City, MO; Lawrence Livermore National Laboratory in Livermore, CA; Los Alamos National Laboratory in Los Alamos, NM; the Nevada National Security Site in Las Vegas, NV; the Pantex Plant in Amarillo, TX; Sandia National Laboratories in Albuquerque, NM, and Livermore, CA; the Savannah River Site in Aiken, SC; and the Y-12 National Security Complex in Oak Ridge, TN.

NNSA Company Details

LinkedIn ID: national-nuclear-security-administration
Employees number: 1630 employees
Number of followers: 62341.0
NAICS: 922
Industry Type: Government Administration
Homepage: energy.gov
IP Addresses: Scan still pending
Company ID: NAT_2635952
Scan Status: In-progress

NNSA Risk Score (AI oriented)

Between 900 and 1000

This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.


National Nuclear Security Administration (NNSA) Company Scoring based on AI Models

Model Name: AVERAGE-Industry
Date: 03-12-2025
Description: This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers.
Current Score Difference: N/A
Score: Between 900 and 1000

National Nuclear Security Administration (NNSA) Company Cyber Security News & History

Past Incidents: 3
Attack Types: 3
Entity: National Nuclear Security Administration (NNSA)
Type: Breach
Severity: 100
Impact: 5
Seen: 7/2025
Url ID: NAT349072525
Rankiteo Explanation: Attack threatening the organization's existence

Description: The NNSA, a division of the Department of Energy responsible for the nation’s nuclear weapons stockpile, confirmed it was affected by a recent global cyberattack campaign exploiting Microsoft’s SharePoint vulnerabilities. A very small number of systems were impacted, but no classified information was compromised due to NNSA’s strong cybersecurity systems and widespread use of Microsoft M365 cloud services. All impacted systems are being restored, and immediate action was taken to contain the threat.

Entity: National Nuclear Security Administration (NNSA)
Type: Cyber Attack
Severity: 100
Impact: 8
Seen: 7/2025
Url ID: NAT242072325
Rankiteo Explanation: Attack that could bring to a war

Description: The National Nuclear Security Administration (NNSA) experienced a sophisticated cyber attack that exploited a previously unknown vulnerability in Microsoft SharePoint. The attack, carried out by Chinese government-affiliated hacking groups, targeted over 50 organizations, including the agency responsible for maintaining the Navy’s nuclear submarine reactors. The attack leveraged a zero-day exploit affecting on-premises SharePoint installations, allowing attackers to bypass authentication mechanisms and execute arbitrary code on target systems. Despite the severity of the attack, no classified or sensitive nuclear information was compromised due to the agency's cloud-based systems usage. The incident highlights the risks posed by on-premises enterprise software installations and the evolving capabilities of advanced persistent threat groups.

Entity: National Nuclear Security Administration
Type: Ransomware
Severity: 100
Seen: 7/2025
Url ID: NAT338072525
Rankiteo Explanation: Attack threatening the organization’s existence

Description: The National Nuclear Security Administration (NNSA), which oversees the U.S. nuclear weapons supply, experienced a breach through a vulnerability in Microsoft SharePoint products. The breach, part of a larger campaign exploiting CVE-2025-49706, resulted in a minimal impact according to the Department of Energy. A very small number of systems were affected, and there is no evidence of sensitive or classified information being compromised. The NNSA is taking appropriate actions to mitigate risks and transition to other offerings as necessary.


Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=national-nuclear-security-administration' -H 'apikey: YOUR_API_KEY_HERE'

NNSA Cyber Security News

2025-07-23T10:54:38.000Z
US Nuclear Weapons Agency Breached by Hackers Using SharePoint 0-Day Vulnerability

The NNSA has fallen victim to a sophisticated cyber attack exploiting a previously unknown vulnerability in Microsoft SharePoint.

2025-07-23T08:12:59.000Z
Microsoft SharePoint Hack Breaches US National Nuclear Security Administration

The active exploitation of a zero-day vulnerability in Microsoft SharePoint has led to a sweeping cyberattack involving over 100 ...

2025-03-21T07:00:00.000Z
NNSA starts to chip away at its technical debt

The National Nuclear Security Administration's technology hasn't kept pace with its mission demands. This lack of investment has created a ...

2024-11-24T03:29:07.000Z
Nuclear Security

How do we make sure a nuclear weapon always works as intended and never detonates unintentionally? We use the world's fastest supercomputers, powerful lasers, ...

2025-07-01T07:00:00.000Z
DoE’s NNSA Component Names Ross Graber CISO

The Energy Department's National Nuclear Security Administration (NNSA) component has appointed Ross Graber chief information security officer ( ...

2024-10-29T07:00:00.000Z
US DOE, NNSA lead AI risk mitigation efforts following White House memo

The DOE's Office of Critical & Emerging Technologies (CET) released in September a Request for Information (RFI) to seek public input on the ...

2025-02-14T08:00:00.000Z
Dismissed nuclear bomb specialists recalled by Energy Department

The firings — part of a wave of terminations across the federal government this week spurred by Elon Musk's Department of Government Efficiency ...

2024-10-08T07:00:00.000Z
Nuclear security IT contract faces challenges from disappointed bidders

By Nick Wakeman. | October 8, 2024. The National Nuclear Security Administration chose General Dynamics IT for this bundled award that also includes cyber ...

2024-10-22T07:00:00.000Z
NNSA hosts cybersecurity exercise to strengthen incident response capabilities

These exercises identify opportunities to improve cyber security systems and strengthen cyber operations policies and procedures. The ...

NNSA Similar Companies

Gobierno de Cantabria

Regional Government of Cantabria Government of Autonomous Region of Cantabria situated in north coast of Spain. Population: aprox. 580.000 inhab. (2008) Surface: 5.221 squared km. Capital: Santander. The Regional Government has competences in Tax, Health, Social Care, Education, Industry, Energy,


The United States Department of Agriculture is the United States federal executive department responsible for developing and executing U.S. federal government policy on farming, agriculture, and food. It aims to meet the needs of farmers and ranchers, promote agricultural trade and production, work

Prefeitura Municipal de Campinas

Prefeitura Municipal de Campinas - www.campinas.sp.gov.br Campinas City Hall (Brazil). Located in the heart of São Paulo, the most developed state in Brazil, Campinas is experiencing its best moment in decades, both economically and socially. The city has never been so prepared to receive

District Trade and Industries Center

This is a Government Office we Help People to Organise Their Industry work either is it of new factory or of old ones we provide space as well as loans for them they can help ourself by taking schems from our department like tax free scheme pollution certificate visesh panjiyan fa certifa

CNPq - Conselho Nacional de Desenvolvimento Científico e Tecnológico

The Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq), an agency of the Ministério da Ciência, Tecnologia e Inovação (MCTI), has as its main responsibilities fostering scientific and technological research and encouraging the training of Brazilian researchers. Created in 1951, it plays


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

NNSA CyberSecurity History Information

How many cyber incidents has NNSA faced?

Total Incidents: According to Rankiteo, NNSA has faced 3 incidents in the past.

What types of cybersecurity incidents have occurred at NNSA?

Incident Types: The types of cybersecurity incidents that have occurred are Cyber Attack, Ransomware and Breach.

How does NNSA detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through law enforcement notification; containment measures (disconnecting affected servers, immediate action to contain the threat); remediation measures (restoring impacted systems, emergency security patches released by Microsoft); and third-party assistance from CISA, Microsoft and MS-ISAC.

Incident Details

Can you provide details on each incident?

Incident : Cyberattack

Title: Global Cyberattack on Microsoft SharePoint Software

Description: A recent global cyberattack campaign exploiting critical vulnerabilities in Microsoft’s on-premise SharePoint software has impacted several US government agencies, including the National Institutes of Health (NIH) and the National Nuclear Security Administration (NNSA).

Date Detected: 2025-07-18

Type: Cyberattack

Attack Vector: Exploitation of zero-day vulnerabilities

Vulnerability Exploited: CVE-2025-49706, CVE-2025-49704, CVE-2025-53770

Threat Actor: Linen Typhoon, Violet Typhoon, Storm-2603

Motivation: Unauthorized access to SharePoint content

Incident : Ransomware

Title: Chinese Hackers Exploit Microsoft SharePoint Vulnerability to Deploy Warlock Ransomware

Description: Chinese hackers are exploiting a new vulnerability in Microsoft SharePoint products to deploy ransomware, increasing the pressure on governments around the world as they race to assess any damage done to their systems.

Date Detected: 2023-07-17

Type: Ransomware

Attack Vector: Exploiting CVE-2025-49706 in Microsoft SharePoint

Vulnerability Exploited: CVE-2025-49706

Threat Actor: Storm-2603

Incident : Cyber Attack

Title: NNSA Cyber Attack via SharePoint Zero-Day Exploit

Description: The National Nuclear Security Administration (NNSA) has fallen victim to a sophisticated cyber attack exploiting a previously unknown vulnerability in Microsoft SharePoint, marking one of the most significant security breaches targeting critical US defense infrastructure this year.

Date Detected: 2024-05-01

Type: Cyber Attack

Attack Vector: Remote Code Execution (RCE) exploit via SharePoint zero-day vulnerability

Vulnerability Exploited: Deserialization vulnerability combined with an authentication bypass flaw in SharePoint Server versions 2019 and Subscription Edition

Threat Actor: Chinese government-affiliated hacking groups

Motivation: Extract sensitive data, harvest user credentials, and potentially pivot to connected network infrastructure

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Microsoft SharePoint vulnerabilities, Microsoft SharePoint vulnerability CVE-2025-49706 and Microsoft SharePoint Server.

Impact of the Incidents

What was the impact of each incident?

Incident : Cyberattack NAT349072525

Systems Affected: NIH SharePoint server system, NNSA systems, California Independent System Operator

Incident : Ransomware NAT338072525

Systems Affected: Governments and businesses around the world, including the National Nuclear Security Administration, National Institutes of Health, and Department of Homeland Security

Incident : Cyber Attack NAT242072325

Data Compromised: None

Systems Affected: Microsoft SharePoint Server

Which entities were affected by each incident?

Incident : Cyberattack NAT349072525

Entity Type: Government Agency

Industry: Biomedical Research

Location: USA

Incident : Cyberattack NAT349072525

Entity Type: Government Agency

Industry: Nuclear Security

Location: USA

Incident : Cyberattack NAT349072525

Entity Type: Non-Profit

Industry: Electric Grid Management

Location: California, USA

Incident : Ransomware NAT338072525

Entity Type: Government

Industry: Nuclear Weapons Supply

Location: United States

Incident : Ransomware NAT338072525

Entity Type: Government

Industry: Health

Location: United States

Incident : Ransomware NAT338072525

Entity Type: Government

Industry: Security

Location: United States

Incident : Cyber Attack NAT242072325

Entity Type: Government Agency

Industry: Defense

Location: United States

Response to the Incidents

What measures were taken in response to each incident?

Incident : Cyberattack NAT349072525

Law Enforcement Notified: True

Containment Measures: Disconnecting affected servers, Immediate action to contain the threat

Remediation Measures: Restoring impacted systems

Incident : Ransomware NAT338072525

Third Party Assistance: CISA, Microsoft, MS-ISAC

Incident : Cyber Attack NAT242072325

Remediation Measures: Emergency security patches released by Microsoft

How does the company involve third-party assistance in incident response?

Third-Party Assistance: The company involves third-party assistance in incident response through CISA, Microsoft, MS-ISAC.

Data Breach Information

What measures does the company take to prevent data exfiltration?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Restoring impacted systems, Emergency security patches released by Microsoft.

How does the company handle incidents involving personally identifiable information (PII)?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through disconnecting affected servers and immediate action to contain the threat.

Ransomware Information

Was ransomware involved in any of the incidents?

Incident : Ransomware NAT338072525

Ransomware Strain: Warlock

Data Encryption: True

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident : Cyber Attack NAT242072325

Lessons Learned: The incident highlights the importance of supply chain security and the risks posed by on-premises enterprise software installations.

What recommendations were made to prevent future incidents?

Incident : Cyber Attack NAT242072325

Recommendations: Organizations running on-premises SharePoint environments are advised to immediately apply Microsoft’s security updates and conduct comprehensive incident response assessments to identify potential compromise indicators.

What are the key lessons learned from past incidents?

Key Lessons Learned: The key lesson learned from past incidents is that the incident highlights the importance of supply chain security and the risks posed by on-premises enterprise software installations.

What recommendations has the company implemented to improve cybersecurity?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Organizations running on-premises SharePoint environments are advised to immediately apply Microsoft’s security updates and conduct comprehensive incident response assessments to identify potential compromise indicators.

References

Where can I find more information about each incident?

Incident : Cyberattack NAT349072525

Source: Bloomberg News

Incident : Cyberattack NAT349072525

Source: The Washington Post

Incident : Cyberattack NAT349072525

Source: Hackread.com

Incident : Ransomware NAT338072525

Source: Reuters

Incident : Ransomware NAT338072525

Source: Bloomberg

Incident : Ransomware NAT338072525

Source: Washington Post

Incident : Ransomware NAT338072525

Source: NextGov

Incident : Ransomware NAT338072525

Source: ESET

Incident : Cyber Attack NAT242072325

Source: Bloomberg

Where can stakeholders find additional resources on cybersecurity best practices?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at Bloomberg News, The Washington Post, Hackread.com, Reuters, Bloomberg, Washington Post, NextGov, ESET and Bloomberg.

Investigation Status

What is the current status of the investigation for each incident?

Incident : Cyberattack NAT349072525

Investigation Status: Ongoing

Incident : Ransomware NAT338072525

Investigation Status: Ongoing

Initial Access Broker

How did the initial access broker gain entry for each incident?

Incident : Cyberattack NAT349072525

Entry Point: Microsoft SharePoint vulnerabilities

High Value Targets: NIH, NNSA, California Independent System Operator

Data Sold on Dark Web: NIH, NNSA, California Independent System Operator

Incident : Ransomware NAT338072525

Entry Point: Microsoft SharePoint vulnerability CVE-2025-49706

High Value Targets: Government organizations

Data Sold on Dark Web: Government organizations

Incident : Cyber Attack NAT242072325

Entry Point: Microsoft SharePoint Server

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident?

Incident : Cyberattack NAT349072525

Root Causes: Zero-day vulnerabilities in Microsoft SharePoint

Corrective Actions: Patching vulnerabilities

Incident : Ransomware NAT338072525

Root Causes: Unpatched on-premises SharePoint systems exposed to the internet

Incident : Cyber Attack NAT242072325

Root Causes: Zero-day vulnerability in Microsoft SharePoint Server

Corrective Actions: Emergency security patches released by Microsoft

What is the company's process for conducting post-incident analysis?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as CISA, Microsoft, MS-ISAC.

What corrective actions has the company taken based on post-incident analysis?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Patching vulnerabilities, Emergency security patches released by Microsoft.

Additional Questions

General Information

Who was the attacking group in the last incident?

Last Attacking Group: The attacking groups in the last incident were Linen Typhoon, Violet Typhoon, Storm-2603 and Chinese government-affiliated hacking groups.

Incident Details

What was the most recent incident detected?

Most Recent Incident Detected: The most recent incident detected was on 2025-07-18.

Impact of the Incidents

What was the most significant data compromised in an incident?

Most Significant Data Compromised: The most significant data compromised in an incident was None.

What was the most significant system affected in an incident?

Most Significant System Affected: The most significant systems affected in an incident were the NIH SharePoint server system, NNSA systems, California Independent System Operator; governments and businesses around the world, including the National Nuclear Security Administration, National Institutes of Health, and Department of Homeland Security; and Microsoft SharePoint Server.

Response to the Incidents

What third-party assistance was involved in the most recent incident?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was CISA, Microsoft, MS-ISAC.

What containment measures were taken in the most recent incident?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Disconnecting affected servers and Immediate action to contain the threat.

Data Breach Information

What was the most sensitive data compromised in a breach?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach was None.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was that the incident highlights the importance of supply chain security and the risks posed by on-premises enterprise software installations.

What was the most significant recommendation implemented to improve cybersecurity?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was: Organizations running on-premises SharePoint environments are advised to immediately apply Microsoft’s security updates and conduct comprehensive incident response assessments to identify potential compromise indicators.

References

What is the most recent source of information about an incident?

Most Recent Source: The most recent sources of information about an incident are Bloomberg News, The Washington Post, Hackread.com, Reuters, Bloomberg, Washington Post, NextGov, ESET and Bloomberg.

Investigation Status

What is the current status of the most recent investigation?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Initial Access Broker

What was the most recent entry point used by an initial access broker?

Most Recent Entry Point: The most recent entry points used by an initial access broker were Microsoft SharePoint vulnerabilities, Microsoft SharePoint Server and Microsoft SharePoint vulnerability CVE-2025-49706.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Zero-day vulnerabilities in Microsoft SharePoint, Unpatched on-premises SharePoint systems exposed to the internet, Zero-day vulnerability in Microsoft SharePoint Server.

What was the most significant corrective action taken based on post-incident analysis?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Patching vulnerabilities, Emergency security patches released by Microsoft.

What Do We Measure?

Incident, Finding, Grade, Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.