The US Energy Department, including its National Nuclear Security Administration (NNSA), which maintains America's nuclear weapons, was among the victims of the ransomware attack exploiting vulnerable on-premises SharePoint servers. The attack involved the deployment of Warlock ransomware by the threat group Storm-2603, which exploited security holes to compromise more than 400 organizations. The attackers disabled Microsoft Defender protections, stole user credentials, and moved laterally through the network, causing significant disruption and potential data loss.

The U.S. Department of Energy received ransom demands from the extortion gang Cl0p, which has ties to Russia, at both its nuclear waste site and scientific education facility that were recently targeted by a widespread hacking campaign. After hackers infiltrated the two DOE institutions' networks via a security hole in the file sharing programme MOVEit sharing, data was compromised at both locations. Since Burlington, Massachusetts-based Progress Software discovered the security hole in its MOVEit Transfer software last month, a variety of victims—from U.S. government departments to the UK's telecom regulator and petroleum giant Shell—have come forward. The representative claimed that the DOE received ransom demands in emails addressed to each facility, although she did not specify how much money was requested.