The Ministry of Defense is investigating a security breach after hundreds of computer login details for its employees were stolen and posted on the dark web, Eye paper can show.
According to records shown to this newspaper, the emails and passwords of around 600 UK armed forces personnel, MOD government employees and defense contractors have been stolen by cybercrime groups since 2020.
The stolen data included email addresses and other login information required for the MoD’s Defense Gateway portal – a secure online platform for all British military personnel. Although the system does not contain classified information, according to the MOD it is essential for staff communication and provides access to human resources and health data.
Many of the exposed employees are based in the UK, but MOD staff accounts based in Iraq, Qatar, Cyprus and mainland Europe were also hacked, potentially presenting a significant security risk.
The MOD has told Eye paper that it is constantly investigating credential theft, with the government’s National Cyber Security Center (NCSC) searching the dark web and “repatriating” anything stolen. It is believed that much of the data to access the Defense Gateway platform was stolen using the personnel’s own personal devices.
Cyber security experts believe there is a risk that hackers could gain access to other sensitive credentials of MOD staff including private email accounts, online banking, and social media accounts that could pose a potential blackmail threat.
An intelligence source said: “This type of activity is often the first step in a covert recruitment operation by adversaries. Stolen data provides hackers with personal information that adversaries then use to coerce or blackmail employees.” “Can” who had seen the stolen data believe it posed a greater threat to the individual than to the organization.
“There is a significant risk of further blackmailing members of the armed forces using gratuitous personal data,” he told Eye paper. “These are new techniques that adversaries use to infiltrate the UK.”
Alvin Gall, chief technical officer at cybercrime intelligence firm Hudson’s Rock, said: “Such credential theft can pose significant security challenges, including supply chain risks and an attacker’s ability to migrate to connected platforms.”
He added: “For Ministry of Defense personnel and contractors, this would jeopardize broader operational security and could expose sensitive data.”
Analysis: The cyber threat facing the UK
The use of cyber attacks has become a common part of modern warfare. This year alone, Kremlin-backed hackers have caused catastrophic disruption to the NHS, significantly compromised our vital emergency services, and built up an impressive arsenal of sensitive data that can fuel further attacks on Britain’s critical infrastructure.
In an era where integrated online systems are essential to the day-to-day running of our critical services and military defense, it is imperative that adequate measures are taken to protect these systems and prevent hackers, state-affiliated or otherwise, from accessing them and causing disruption and chaos.
Impressive dynamic hacking software known as infostealers significantly increases this risk. These sophisticated tools quickly extract data from devices after victims click on fake links or ads, download fake software updates or fall victim to phishing emails. They can be purchased on Russian markets for around US$150 per month and can be used to raid systems for valuable data including login credentials, browser cookies, cryptocurrency wallets and system data.
The stolen information is then sold on underground markets to other affiliated criminals to carry out further attacks on organizations, making it one of the most dynamic and pressing cyber security threats.
As Russia’s hybrid war against the West intensifies, with campaigns to sabotage European supply chains, disrupt travel networks, and instill fear in everyday minds, the effects of infostealers are increasingly being recognized, and our resilience against these attacks is being tested.
Speaking to reporters earlier this month, MI5 director Ken McCallum declared that Russia was on a mission to “wreak havoc” across Britain. As part of this, he said we should “expect more scrutiny – and defeating places” – of the West’s cyber defences.
The content was shared with Eye paper amid the UK’s current response to cyber warfare, and concerns over the use of hacks by adversaries such as Russia to attack UK infrastructure.
It is believed that the information was stolen using Russian hacking tools although there is no evidence that the hack was directed by the Kremlin.
The newspaper previously revealed that a network of Russian hackers has been using a database of data stolen from UK firms and government departments for cyber attacks since 2018. They operate across Eastern Europe, including Russia, Belarus and Moldova, but deliver information to servers based in Russia, where it can be accessed by Russian state authorities. The network has been dubbed “Cyberwagon” by some intelligence sources – after the Russian mercenary group.
A British intelligence source said he believed Putin was using crime syndicates to attack opponents as part of hybrid warfare tactics in exchange for the British government’s support for Ukraine.
An official source noted that the stolen information may not be current, and that not all of the compromised passwords will still work for the gateway. But in this year alone, the portal had 124 compromised users, the intelligence showed.
Details of the latest security breach emerged after iPaper revealed that a Kremlin-protected hacking syndicate had successfully compromised the security of the ambulance service and a key IT supplier to the MOD. The revelations increase pressure on UK agencies to crack down on a massive cyber campaign that UK intelligence sources say the Kremlin is using to foment chaos in the UK.
A government spokesman said: “We have a robust response to cyber threats that threaten our national interests and work around the clock to address threats and protect critical services.
“It is important for individuals and organizations to remain vigilant against the threats posed by information theft.”
How to protect data
Cybercriminals can now hack into devices using hacking software known as infostealers and extract even the strongest passwords. If you use the same password for multiple accounts, a stolen password can be used to access all of them. But using two-step verification helps prevent cybercriminals from accessing your account, even if they know your password.
Two-step or multi-factor authentication provides a way to double-check that you really are who you say you are when using an online service, such as banking, email or social media. You should set up two-step verification on all accounts that would hurt you the most if they were compromised.
Some online services, such as banking, may already have this turned on. But most don’t, so you’ll need to switch it on yourself for extra protection.