On Thursday, Politico reported the hackers broke into the US Energy Department and National Nuclear Security Administration, which maintains the country's nuclear weapons stockpile. However, it remains unclear what the culprits might have accessed. On the same day, the cybersecurity division under the Department of Homeland Security warned the massive breach was pulled off using a variety of tactics. “CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” the Cybersecurity and Infrastructure Security Agency said in the alert. The additional "access vectors" refers to a report from the cybersecurity firm Volexity, which revealed evidence the same culprits hacked a think tank by exploiting a vulnerability in its Microsoft Exchange Control Panel. The attackers then bypassed the multi-factor authentication system to access a victim's email inbox.