The UK Ministry of Defence (MOD) is set to announce details of a cyber attack targeting one of its contractors, which may have exposed details of military personnel and veterans.
According to the UK’s Sky News, Chinese state hackers are believed to have been behind the attack, which targeted the IT systems of a UK MOD contractor containing the names, bank details and some addresses of current personnel, reservists, and veterans.
The attack, which was confirmed by a source close to the matter, targeted a contractor responsible for payroll systems. Despite this, salaries for the month will not be impacted, and personnel will still be paid.
Investigations conducted by the MOD have so far found nothing to indicate that exposed data was exfiltrated from the contractor’s systems, but the possibility has not been ruled out.
The MOD has commissioned another external contractor to monitor web activity and search for any indicators that data has been exfiltrated and leaked. Additionally, the MOD has engaged the assistance of private security specialists, intelligence firms and the Cabinet Office for the investigation.
While the MOD has confirmed that the attack was on the contractor’s systems and that its own systems were not affected, it has so far provided no other details of the cyber attack.
Defence Secretary Grant Shapps is expected to provide details of the attack in a statement to members of parliament (MPs) on Tuesday (7 May), UK time. While China is not expected to be specifically named as responsible for the attack, Shapps is expected to attribute it to a hostile nation.
Speaking with Sky News, former British soldier and Conservative MP Tobias Ellwood said China “was probably looking at the financially vulnerable with a view that they may be coerced in exchange for cash”, indicating that this may not have been an attack on national security but rather the theft of financial information which would then be held to ransom or used in phishing attempts.
News of the MOD attack coincides with another threat actor claiming to have stolen the login information of over a million personnel from the UK government.
According to a BreachForums post by a threat actor called “USDoD”, a network misconfiguration issue allowed unauthorised access, leading to data exfiltration.
“The UK gov system had a misconfigured cdn issue that expose a lot of their users,” the threat actor said.
“I was able to extract more than 1M of users and a few more data.”
Within the post, the threat actor posted a “partial database” containing the username and password data of over 80,000 users.
The database contains details for what appears to be a broad range of accounts, from immigration and visa services logins to MOT testing, tax services, apprenticeship details, and COVID-19 testing.
“I plan to release every data on UK gov I will just wait for the right moment,” the threat actor said.
“This is a friendly warning that I’m following every single action around the globe.”