Russia-linked hackers posed as journalists to target staff at Britain’s Ministry of Defence in a cyber spying operation that was spotted and thwarted, Sky News reported on 29 May, citing the British government.
The attack was part of more than 90,000 cyber attacks from hostile states directed against UK military and defence structures over the past two years. This represented a doubling from the previous two years, according to the Ministry of Defence.
Defence Secretary John Healey said that the foiled hack during a visit to a secure facility in Wiltshire. The location houses the defence team that defeated the Russian cyber attack.
“The nature of warfare is changing,” Healey told journalists. “The keyboard is now a weapon of war and we are responding to that.”
The National Cyber Security Centre alerted the Ministry of Defence to a suspected spear phishing campaign late last year. The Global Operations Security Control Centre at MoD Corsham in Wiltshire identified the threat.
“MoD detected a spear phishing campaign targeting staff with the aim of delivering malware,” the NCSC analysis said. “The initial campaign consisted of two emails with a journalistic theme attempting to represent a news organisation.”
The hackers followed up with a second wave of attacks, which followed a financial theme, directing targets to a commercial file share, according to the NCSC.
Officials said it took about an hour to spot the attack. When asked what it felt like to discover the intrusion, one individual said “cool.”
The malware was linked to a Russian hacking group called RomCom, a second official said. The particular code had not been seen before. The British side gave it the name “Damascened Peacock.”
The increase in attacks is partly because the military is getting better at spotting attempts against its networks. However, the attacks are becoming more sophisticated and harder to combat, according to the report.
Healey said the government plans to invest more than £1bn ($1,4 bn) on improving its ability to hunt, locate and strike targets on the battlefield using digital technology. The response includes creating a new cyber command to oversee offensive and defensive cyber operations.
The revelations emerged as part of a long-awaited Strategic Defence Review. The review was launched by Sir Keir Starmer last July ahead of a major NATO summit in June.