Russia-linked hackers posing as journalists targeted staff at Britain’s Ministry of Defence in a cyber spying operation that was spotted and thwarted, the government has revealed.
Details of the foiled hack emerged as Defence Secretary John Healey said the UK military is bolstering its own offensive capabilities to conduct cyber attacks against hostile states like Russia as part of a long-awaited review of UK defence.
The Strategic Defence Review is expected to be published on Monday. It was launched by Sir Keir Starmer last July and comes ahead of a major summit of NATO allies in June.
“The nature of warfare is changing,” Mr Healey told a group of journalists on a visit to a secure facility in Wiltshire where the defence team that defeated the Russian cyber attack is located.
“The keyboard is now a weapon of war and we are responding to that.”
Part of this response, announced on Thursday, includes the creation of a new cyber command to oversee offensive and defensive cyber operations.
The government also plans to invest more than £1bn on improving its ability to hunt, locate and strike targets on the battlefield, drawing on digital technology.
“In future conflict, those that prevail will be those who are not just better equipped and better trained, but better connected and also capable of innovating ahead of adversaries,” the defence secretary said.
The thwarted Russia-linked hack was one of more than 90,000 cyber attacks associated with hostile states that were directed against the UK military and other parts of defence over the past two years – a doubling from the previous two years, the Ministry of Defence said.
Part of the increase is because the military is getting better at spotting the attempts against its networks. However, it is understood the attacks are becoming more sophisticated – making them harder to combat.
Late last year, the National Cyber Security Centre (NCSC), which is part of GCHQ, alerted the Ministry of Defence to a suspected spear phishing campaign.
The Global Operations Security Control Centre at MoD Corsham, in Wiltshire, which defends the Ministry of Defence’s networks in the UK and overseas, was tasked with identifying the threat.
The team worked on computers inside a large, windowless hall – filled with rows of desks and a bank of large screens along one wall.
“MoD detected a spear phishing campaign targeting staff with the aim of delivering malware,” the analysis by the NCSC said.
“The initial campaign consisted of two emails with a journalistic theme attempting to represent a news organisation. The second campaign followed a financial theme, directing targets to a commercial file share.”
The officials who were involved revealed details of the effort during the defence secretary’s visit to MoD Corsham this week.
One of the individuals said it took about an hour to spot the attack.
Asked what it felt like to discover the intrusion, the individual said “cool”.
The malware was linked to a Russian hacking group called RomCom, a second official said.
The particular code that was used had not been seen before, so the British side gave it the name “Damascened Peacock”.
“Corsham is famous for peacocks,” they said.
The two officials are part of a team of cyber experts – a mix of military personnel, civil servants and civilian contractors – who work at the secure centre.
A key focus at the moment is protecting a major deployment by the Royal Navy’s aircraft carrier, HMS Prince of Wales, loaded with state-of-the-art F-35 fast jets and protected by a task force of warships, as it travels through the Red Sea off the coast of Yemen.
The carrier strike group is expected to pass through the Bab el-Mandeb Strait in the coming days – well within range of an Iranian-backed militia that has targeted British and American warships as well as commercial shipping with missiles.
The cyber experts, though, are trying to defend the deployment from cyber attacks.
Earlier in the month, US President Donald Trump struck a deal with Houthi militants to stop them from attacking ships, but the British side is still very alert to the potential threat.
“The strike group is going through what could be a high risk dangerous passage,” Mr Healey said.
Donald Trump has reignited his row with London mayor Sir Sadiq Khan after calling him a “nasty person” who has done “a terrible job”.
During an hour-long news conference with Sir Keir Starmer in Scotland, the US president hit out at the Labour mayor, who has responded with his own snipey remarks.
Asked if he would visit London during his state visit in September, Mr Trump said: “I will, I’m not a fan of your mayor, I think he’s done a terrible job.
“A nasty person, I think.”
The prime minister then interrupted and said: “He’s a friend of mine.”
But the president added: “I think he’s done a terrible job but I will certainly visit London, I hope so.”
Sir Sadiq’s spokesperson then released a statement saying: “Sadiq is delighted that President Trump wants to come to the greatest city in the world.
“He’d see how our diversity makes us stronger not weaker; richer, not poorer.
“Perhaps these are the reasons why a record number of Americans have applied for British citizenship under his presidency.”
They noted that Sir Sadiq has won three mayoral elections, including when Mr Trump lost the US election in 2020.
This is not the first time Mr Trump and Sir Sadiq have locked horns.
Sir Sadiq then described Mr Trump as a “poster boy for racists”.
And in November 2024, after Mr Trump won his second term, Sir Sadiq said many Londoners would be “fearful” about what it would “mean for democracy”.
However, as Sir Keir tried to show diplomacy with Mr Trump after becoming PM, Sir Sadiq said he “wanted to work closely with the American president” ahead of his inauguration in January.
The London mayor said as somebody “who believes in democracy, and voting and elections, we should recognise the fact that Donald Trump is the elected president of the United States”.
But he added: “Let’s keep our fingers crossed that this president is different from the last time he was president.”