Blame placed in China in initial investigation.
The payroll of the UK’s Ministry of Defence has experienced a data breach, where a number of details may have been accessed.
Media reports claim a third-party payroll system used by the MoD, which includes names and bank details of current and past members of the armed forces, was targeted in an attack.
Whilst the MoD has not issued any comment at the time of publishing, it is known the Oayroll was managed by an external source, and the department took the external network offline.
Attribution for the attack is currently being placed on China, who were named in March as having been responsible for two malicious cyber campaigns targeting democratic institutions and parliamentarians.
Government Statement
In a statement to parliament, secretary of state for defence Grant Shapps said “a malign actor gained access to part of the armed forces payment network” and confirmed that the payroll system is not connected to the main military human resources system. Following the incident, the MoD undertook “significant and immediate action” and launched a full investigation, alerting those service personnel affected and stopping the processing of all payments and isolating the affected system.
Shapps said for reasons of national security, further details cannot be released of the suspected cyber-activity behind the incident, but he said there are “indications that this was the suspected work of a malign actor, and we cannot rule out state involvement.”
He also confirmed the “malign actor” compromised a contractor-run network, and he said there is evidence of potential failings by that contractor, “which may have made it easier for the malign actor to gain entry.”
He confirmed that a specialist security review of the contractor and its operations is under way, and appropriate steps will be taken. The company was identifed as SSCL in media reports; the company had not issued a statement at the time of publishing.
China's Response
In a statement, the Chinese Embassy in the UK called the accusation "nothing but a fabricated and malicious slander" and "extremely absurd and despicable" in a statement.
Its spokesperson said that China has "been fighting cyberattacks according to law" and it "firmly oppose any groundless accusations against China out of political motives." It urged the UK to "stop spreading disinformation, and stop such self-staged political farces."
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.