Russia-linked hackers posing as journalists targeted staff at Britain’s Ministry of Defence in a cyber spying operation that was spotted and thwarted, the government has revealed.
Details of the foiled hack emerged as Defence Secretary John Healey said the UK military is bolstering its own offensive capabilities to conduct cyber attacks against hostile states like Russia as part of a long-awaited review of UK defence.
The Strategic Defence Review is expected to be published on Monday. It was launched by Sir Keir Starmer last July and comes ahead of a major summit of NATO allies in June.
“The nature of warfare is changing,” Mr Healey told a group of journalists on a visit to a secure facility in Wiltshire where the defence team that defeated the Russian cyber attack is located.
“The keyboard is now a weapon of war and we are responding to that.”
Image: Defence Secretary John Healey
Part of this response, announced on Thursday, includes the creation of a new cyber command to oversee offensive and defensive cyber operations.
More on Defence
Related Topics:
The government also plans to invest more than £1bn on improving its ability to hunt, locate and strike targets on the battlefield, drawing on digital technology.
“In future conflict, those that prevail will be those who are not just better equipped and better trained, but better connected and also capable of innovating ahead of adversaries,” the defence secretary said.
The thwarted Russia-linked hack was one of more than 90,000 cyber attacks associated with hostile states that were directed against the UK military and other parts of defence over the past two years – a doubling from the previous two years, the Ministry of Defence said.
Part of the increase is because the military is getting better at spotting the attempts against its networks. However, it is understood the attacks are becoming more sophisticated – making them harder to combat.
Late last year, the National Cyber Security Centre (NCSC), which is part of GCHQ, alerted the Ministry of Defence to a suspected spear phishing campaign.
Image: GCHQ’s headquarters. Pic: Shutterstock
The Global Operations Security Control Centre at MoD Corsham, in Wiltshire, which defends the Ministry of Defence’s networks in the UK and overseas, was tasked with identifying the threat.
The team worked on computers inside a large, windowless hall – filled with rows of desks and a bank of large screens along one wall.
“MoD detected a spear phishing campaign targeting staff with the aim of delivering malware,” the analysis by the NCSC said.
“The initial campaign consisted of two emails with a journalistic theme attempting to represent a news organisation. The second campaign followed a financial theme, directing targets to a commercial file share.”
The officials who were involved revealed details of the effort during the defence secretary’s visit to MoD Corsham this week.
One of the individuals said it took about an hour to spot the attack.
Asked what it felt like to discover the intrusion, the individual said “cool”.
Please use Chrome browser for a more accessible video player
1:14
‘Cyber crime costing world $9.2 trillion’
The malware was linked to a Russian hacking group called RomCom, a second official said.
The particular code that was used had not been seen before, so the British side gave it the name “Damascened Peacock”.
“Corsham is famous for peacocks,” they said.
The two officials are part of a team of cyber experts – a mix of military personnel, civil servants and civilian contractors – who work at the secure centre.
A key focus at the moment is protecting a major deployment by the Royal Navy’s aircraft carrier, HMS Prince of Wales, loaded with state-of-the-art F-35 fast jets and protected by a task force of warships, as it travels through the Red Sea off the coast of Yemen.
The carrier strike group is expected to pass through the Bab el-Mandeb Strait in the coming days – well within range of an Iranian-backed militia that has targeted British and American warships and well as commercial shipping with missiles.
Please use Chrome browser for a more accessible video player
0:57
HMS Prince of Wales begins deployment
The cyber experts, though, are trying to defend the deployment from cyber attacks.
Earlier in the month, US President Donald Trump struck a deal with Houthi militants to stop them from attacking ships, but the British side is still very alert to the potential threat.
“The strike group is going through what could be a high risk dangerous passage,” Mr Healey said.
A group of Senate Democrats has probed Federal Housing Finance Agency director William Pulte over his order to propose how to consider crypto in mortgage applications.
Gaza and transatlantic trade are set to dominate talks between Donald Trump and Sir Keir Starmer when the pair meet in Scotland on Monday.
Downing Street said the prime minister would discuss “what more can be done to secure the ceasefire [in the Middle East] urgently”, during the meeting at the president’s Turnberry golf course in Ayrshire.
Talks in Qatar over a ceasefire ended on Thursday after the US and Israel withdrew their negotiating teams.
Mr Trump blamed Hamas for the collapse of negotiations as he left the US for Scotland, saying the militant group “didn’t want to make a deal… they want to die”.
Sir Keir has tried to forge close personal ties with the president, frequently praising his actions on the world stage despite clear foreign policy differences between the US and UK.
The two leaders are expected to discuss this agreement when they meet, with the prime minister likely to press the president for a lowering of outstanding tariffs on imports such as steel.
Prior to the visit, the White House said the talks would allow them to “refine the historic US-UK trade deal”.
Extracting promises from the president on the Middle East may be harder though.
Please use Chrome browser for a more accessible video player
1:30
Should aid be dropped into Gaza?
Despite some reports that Mr Trump is growing frustrated with Israel, there is a clear difference in tone between the US and its Western allies.
As he did over the Ukraine war, Sir Keir will have to walk a diplomatic line between the UK’s European allies and the White House.
Please use Chrome browser for a more accessible video player
0:45
Trump: ‘It doesn’t matter what Macron says’
The UK, French and German leaders spoke over the weekend and agreed to work together on the “next phase” in Gaza that would see transitional governance and security arrangements put in place, alongside the large-scale delivery of aid.
Under pressure from members of his own party and cabinet to follow France and signal formal recognition of Palestine, Sir Keir has gradually become more critical of Israel in recent months.
On Friday, the prime minister said “the starvation and denial of humanitarian aid to the Palestinian people, the increasing violence from extremist settler groups, and Israel’s disproportionate military escalation in Gaza are all indefensible”.
Government sources say UK recognition is a matter of “when, not if”, however, it’s thought Downing Street wants to ensure any announcement is made at a time when it can have the greatest diplomatic impact.
Please use Chrome browser for a more accessible video player
1:19
Baby Zainab starved to death in Gaza
Cabinet ministers will be convened in the coming days, during the summer recess, to discuss the situation in Gaza.
The UK has also been working with Jordan to air drop supplies, after Israel said it would allow foreign countries to provide aid to the territory.
Downing Street says Ukraine will also likely be discussed in the meeting with both men reflecting on what can be done to force Russia back to the negotiating table.
After the meeting at Turnberry, the prime minister will travel with the president to Aberdeen for a private engagement.
Mr Trump is also expected to meet Scottish First Minister John Swinney while in the country.
The US housing regulator’s decision to recognize crypto assets in mortgage applications marks a historic shift from exclusion to integration, opening new pathways to homeownership.