The U.S. National Reconnaissance Office (NRO) has confirmed a recent cyber intrusion affecting its unclassified Acquisition Research Center (ARC) portal, a network separate from its classified internal systems. While the agency asserts that no classified information was exposed, the incident highlights ongoing concerns over the security of government infrastructure in the wake of widespread cyberattacks exploiting Microsoft SharePoint vulnerabilities.
According to the NRO, attackers gained “limited access” to its networks via the ARC, a vendor-facing site used to support unclassified government acquisition research and contracting efforts. The breach is currently under investigation by the NRO in collaboration with federal law enforcement agencies. Although the NRO has provided assurances that sensitive classified data and details about awarded contracts remain secure, the agency has not addressed whether the intrusion is linked to the recently disclosed SharePoint vulnerability (CVE-2025-53770). This flaw has been used to compromise dozens of organizations, including several government agencies, over the past several weeks.
Among the data potentially exposed are proprietary and personally identifiable details submitted by vendors, as well as sensitive—but unclassified—information relating to technology acquisition initiatives. Notably, media reports suggest that the incident may have affected information tied to the CIA’s “Digital Hammer” program, which focuses on advanced surveillance and intelligence-gathering technologies.
The NRO has declined to elaborate on whether the attack vector in this case overlaps with those used in the broader wave of SharePoint-based cyberattacks. This lack of clarity leaves open questions about the overall risk to other government entities relying on similar vendor-facing platforms.
Key Points
- The NRO confirms that its unclassified ARC portal suffered a breach, impacting vendor and acquisition data.
- There is no evidence that classified systems or data were compromised.
- The agency has not confirmed or denied a connection to the Microsoft SharePoint vulnerability currently affecting other organizations.
- Unclassified but sensitive information—possibly including data about the CIA’s Digital Hammer program—may have been exposed.
This incident underscores the persistent threat posed by software vulnerabilities to governmental operations and highlights the importance of robust cybersecurity measures, particularly for platforms handling sensitive procurement and acquisition data. The NRO and its federal partners continue to investigate the source and scope of this intrusion.
