The Fermi National Accelerator Laboratory (Fermilab), one of the U.S. Department of Energy’s (DOE) premier research facilities, has confirmed it was targeted in a recent cyberattack. The incident, part of a wider global campaign exploiting vulnerabilities in Microsoft’s SharePoint software, saw attackers attempt to access Fermilab’s SharePoint servers.
According to a DOE spokesperson, the threats were “quickly identified” due to robust cybersecurity measures implemented by the DOE Office of Science. The impact on Fermilab was minimal, with no sensitive or classified information compromised. Fermilab’s servers have since been restored and are operating normally.
The breach at Fermilab highlights a persistent issue with a critical flaw in Microsoft’s SharePoint server software. Although Microsoft released a security patch last month to address the vulnerability, which was first identified in May 2025, cybersecurity experts indicate that the fix was incomplete, leaving systems still exposed. This unpatched flaw has reportedly led to a sweeping global cyber espionage operation, impacting over 400 government agencies and businesses worldwide, including the U.S. National Nuclear Security Administration.
Microsoft has attributed at least some of these attacks to China-backed groups, specifically naming “Linen Typhoon,” “Violet Typhoon,” and “Storm-2603.” While China’s embassy has denied involvement and condemned “smearing others without solid evidence,” the pattern of attacks suggests a coordinated effort to exploit the SharePoint vulnerability.
Fermilab, established in 1967, is renowned for its cutting-edge research in particle physics, exploring the fundamental building blocks of matter and energy and probing the farthest reaches of the universe for dark matter and dark energy. While the laboratory is not directly involved in nuclear weapons development, its affiliation with the Department of Energy makes it a high-value target for sophisticated cyber actors.
The incident serves as a stark reminder for organizations, especially those in critical infrastructure and research, to diligently apply all available security patches and verify their effectiveness. The ongoing threat posed by such vulnerabilities underscores the continuous need for proactive cybersecurity strategies and vigilance against evolving cyber espionage campaigns.
