According to a source involved in the facility’s August incident response, hackers breached the Kansas City National Security Campus (KCNSC), a critical manufacturing site under the U.S. National Nuclear Security Administration (NNSA). The intruders exploited an unpatched Microsoft SharePoint vulnerability.
The target of the attack was a plant that, under NNSA’s supervision, manufactures the vast majority of key components for the U.S. nuclear arsenal. The NNSA is a semiautonomous agency within the Department of Energy (DOE) responsible for the design, production, and maintenance of the U.S. nuclear stockpile. Honeywell Federal Manufacturing & Technologies (FM&T) manages the Kansas City campus under contract with the NNSA.
Throughout September, the Kansas City campus, Honeywell FM&T, and the Department of Energy did not respond to multiple requests for comment. Eddie Bennett, a public affairs officer for the National Nuclear Security Administration, responded, stating, “We have no information to provide,” and redirected the inquiry back to the Department of Energy.