UK's Defence Ministry hit by cyber attack with 'Chinese hallmarks'

Cyber experts say that data could be used to blackmail senior military figures over financial issues


Chinese hackers are suspected of having infiltrated a payroll system for the Ministry of Defence, potentially compromising the bank details of all serving armed forces personnel and some veterans.

Cyber security experts have told The National that the hack could be used to blackmail senior British military figures with potential access to sensitive financial information.

Defence Secretary Grant Shapps is due to be questioned in the House of Commons on Tuesday about the hack, which may have also accessed a “very small number” of addresses.

The department took immediate action when it discovered the breach, taking offline the external network operated by a contractor.

It is understood that initial investigations found no evidence that data had been removed. However, affected service personnel will be alerted as a precaution and provided with specialist advice.

China said on Tuesday that it “firmly opposes and fights all forms of cyber attack”.

The scale of the hack suggests it was carried out by a “state actor”, which could also have been probing to see what vulnerabilities it could find for future attacks, said Kailyn Johnson, a cyber intelligence analyst at Sibylline, a security company.

However, the biggest concern for the Ministry of Defence was that its personnel could be subject to extortion after the hackers probably obtained their bank details.

“There is the possibility that they could then be exploited for blackmail or to further extort these people,” she said.

However, the hackers might also use the information to enter sensitive defence networks for “strategic targets for future phishing operations to then try to actually attack and infect those and sensitive systems directly”.

The cyber expert said that this also demonstrated that government agencies had a vulnerability through the contractors they used in the supply chain.

“The MOD probably needs to undertake better security protocols, and a more hands-on approach with these organisations to ensure that their own information is secure,” she said.

Mel Stride, a government minister, said the database had been taken offline quickly but refused to blame China.

“The MoD has acted very swiftly to take this database offline. It's a third-party database and certainly not one run directly by the MoD,” he said on Tuesday.

However, MP Tobias Ellwood, a Conservative former minister, said the digital onslaught against a third-party payroll system used by the Ministry of Defence had all the hallmarks of a Chinese cyberattack.

The former chairman of the Commons Defence Committee told the BBC's Radio 4 Today programme: “Targeting the names of the payroll system and service personnel's bank details, this does point to China because it can be as part of a plan, a strategy to see who might be coerced.”

China had been caught trying to gain information from RAF pilots in the past, he said.

While not directly blaming Beijing for the attack, the Prime Minister’s official spokesman told journalists that there had been previous “malicious cyber activity from Chinese state-affiliated actors”.

He added that Britain had made clear that China was a “state-based threat to our economic security” and that “we've seen threatening behaviour that we will not stand for and we will call out to protect UK interests at all times”.

The Defence Ministry has been working to uncover the scale of the attack since it was discovered several days ago.

Labour's shadow defence secretary, John Healey, said: “So many serious questions for the Defence Secretary on this, especially from forces personnel whose details were targeted.

“Any such hostile action is utterly unacceptable.”

In March, the UK and the US accused China of a global campaign of “malicious” cyber attacks, in an unprecedented joint operation.

Britain blamed Beijing for digital attacks on the Electoral Commission watchdog in 2021 and for being behind a campaign of online “reconnaissance” aimed at the email accounts of MPs and peers.

In response to the Beijing-linked hacks on the Electoral Commission and 43 people, a front company, Wuhan Xiaoruizhi Science and Technology Company, and two people linked to the APT31 hacking group were hit with sanctions.

However, some MPs said the response did not go far enough and urged the government to toughen its stance.

Conservative former leader Sir Iain Duncan Smith repeated those calls, calling China a “malign actor” and saying it was “yet another example of why the UK government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that”.

Updated: May 07, 2024, 11:48 AM