MoD hit by major cyberattack

Hundreds of staff passwords leaked

A security breach has hit the Ministry of Defence (MoD) as passwords belonging to nearly 600 employees were stolen and leaked onto the dark web.

The cyberattack, believed to have been perpetrated by Russian hackers, has exposed sensitive information belonging to military personnel, civilian staff and defence contractors.

As reported by The i, the stolen data includes email addresses and login credentials for the Defence Gateway portal, a critical online platform used by British military personnel.

While the system itself doesn't store classified information, it is essential for internal communication, HR services and access to health records.

The majority of the affected employees are based in the UK, but a number are stationed overseas in countries like Iraq, Qatar and Cyprus, as well as mainland Europe.

Intelligence sources warn that this type of cyberattack is often the precursor to more sophisticated espionage activities, such as recruitment or blackmail.

"This type of activity is often the first stage of a covert recruitment operation by adversaries," one intelligence source told The i.

"There is a significant risk here of further blackmail to members of the armed forces using exfiltrated personal data," they added.

The MoD has acknowledged the breach and is working alongside the National Cyber Security Centre (NCSC) to investigate the incident and mitigate potential damage.

"We take a robust response to cyber threats which threaten our national interests and work round the clock to address vulnerabilities and protect critical services," a government spokesperson said.

"It is important for individuals and organisations to remain vigilant against the risks posed by information theft."

Early investigations suggest the hackers exploited vulnerabilities in personal devices staff used to access the Defence Gateway, circumventing the platform's multi-factor authentication system.

While there is no evidence directly linking the attack to the Kremlin, the use of sophisticated Russian hacking tools suggests the involvement of state-sponsored groups. These tools have previously been deployed in high-profile cyberattacks targeting Western institutions.

The incident comes amidst heightened tensions between the UK and Russia, with the UK's intelligence services actively working to counter Russian aggression in Ukraine.

MI6's chief, Sir Richard Moore, recently warned about the potential for further Russian aggression in Eastern Europe and the growing threat posed by cyberattacks and other forms of espionage.

Recent cyberattacks on critical infrastructure, such as the NHS, have highlighted the potential for significant disruption and damage.

In March, ransomware group INC Ransom threatened to release a substantial cache of data stolen from NHS Dumfries and Galloway.

Last year, CommonSpirit Health, a healthcare system with over 140 hospitals and 700 care sites across the United States, experienced a cyberattack that postponed surgeries and doctor visits.

In 2022, a cyberattack against One Brooklyn Health, a hospital group in New York, forced staff members to resort to using paper records.