A recent cybercrime spree has seen Russian hackers steal hundreds of Ministry of Defence (MoD) emails and passwords, which were then posted on the dark web. The MoD has launched an investigation into the incident after discovering that logins belonging to 595 military personnel, MoD civil servants, and defence contractors have been compromised since 2020. The affected individuals are primarily based in the UK, but staff located overseas, including in Iraq, Qatar, Cyprus, and mainland Europe, also had their account details exposed. The stolen information, which includes email addresses and access details for the MoD’s Defence Gateway portal, does not contain classified information but is crucial for staff communication and access to human resources and health data.

The stolen data is believed to have been obtained using Russian hacking tools, although there is no evidence to suggest that the Kremlin directed the hack. Intelligence sources have indicated that this type of activity could potentially be linked to covert recruitment operations by adversaries, as stolen data can be used for coercion or blackmail. The theft of credentials from MoD personnel and contractors poses significant security challenges, such as supply chain risks and the ability of attackers to move laterally across connected platforms. The Defence Gateway portal, which provides access to various Defence web applications, can only be accessed using multi-factor authentication, but the breach has raised concerns about broader operational security and the exposure of sensitive data.

Most of the stolen data was reportedly taken from personal devices that staff members used to access the online platform. Cyber security experts have warned that there is a risk of hackers accessing other sensitive credentials of MoD staff, including those for private email, online banking, and social media accounts, which could potentially lead to blackmail attempts. The MoD is currently working with the National Cyber Security Centre (NCSC) to investigate and remediate the loss of credentials as quickly as possible. Measures are being taken to educate personnel on the importance of keeping their personal devices updated and ensuring broader personal security. Technical measures are also being implemented to identify at-risk accounts and prevent exploitation by malicious actors.

In response to the cyber threats that pose a risk to national interests, the government has emphasized the need for vigilance against information theft. A government spokesperson highlighted the importance of addressing vulnerabilities and protecting critical services around the clock. It is crucial for individuals and organizations to remain aware of the risks posed by cyber attacks and to take proactive measures to safeguard their information. The MoD’s ongoing investigation into the breach, along with collaboration with the NCSC, aims to address the security implications of the stolen credentials and prevent further unauthorized access to sensitive data. The incident serves as a reminder of the evolving nature of cyber threats and the importance of maintaining robust cybersecurity measures to defend against potential breaches.

© 2025 Tribune Times. All rights reserved.