
Suspected Chinese Hackers Hacked UK Defense Contractor

Up to 270,000 Defense Staff Across the UK Affected by Hack
Secretary of State for Defense Grant Shapps addressed the House of Commons on May 7, 2024. (Image: Shutterstock)

Sensitive information of thousands of U.K. defense personnel was exposed to hackers after a threat actor with suspected ties to the Chinese government compromised the networks of a defense contractor.

Speaking at the House of Commons on Tuesday, Secretary of State for Defense Grant Shapps said the hack stemmed from an attack on defense contractor SSCL. It affected around 270,000 individuals, but the number of personnel whose data was compromised by the hackers may be lower, he said.

"Even though we don't think that data is necessarily stolen, the government is making the assumption that it has been to ensure that they are getting the support required," Shapps said, adding that the government has ordered a full review of SSCL's contracts with the ministry. SSCL did not immediately respond to a request for comment. The company touts itself as the "largest provider of critical business support services" for the British government and military.

The government is working with investigating agencies to determine the cause of the hack, Shapps said.

He did not immediately identify the threat actor, stating that "although there is malign campaign actor is involved, we are yet to make the connection."

Speaking to Sky News, British Conservative lawmaker Tobias Ellwood said the attack on the Ministry of Defense was likely carried out by Chinese nation-state hackers.

The outlet reported the attacks stemmed from a payroll application used by the ministry that has been targeted at least three times by the attackers. The affected servers, which had not been connected to the ministry's main server, have been taken offline, Sky News reported.

The Guardian reported that exposed data included names, salary information and national security numbers. Hackers may not have stolen the affected data.

A spokesperson for the U.K. Information Commissioner's Office told Information Security Media Group that the "Ministry of Defense has made us aware of this incident and we are assessing the information provided."

The disclosure from the U.K. government comes months after British Deputy Prime Minister Oliver Dowden publicly attributed an attack on the Inter-Parliamentary Alliance on China - an international pressure group of lawmakers dedicated to countering Beijing - to APT31 (see: UK Discloses Chinese Espionage Activities).

Also known as Violet Typhoon and Judgment Panda and active since at least 2017, the group carries out espionage attacks. U.S. federal prosecutors in March indicted seven Chinese nationals they accused of working as contractors for a front company used by APT31 (see: US Indicts Accused APT31 Chinese Hackers for Hire).

In 2023, the U.K. government revealed an unidentified Chinese actor was behind the attacks on the U.K. Electoral Commission that resulted in hackers copying voter register files (see: UK Electoral Commission Suffered 'Complex' Hack in 2021).

Ciaran Martin, the former head of the British National Cyber Security Center, said the incident falls within the norms of international cyberespionage activity. "Unlike plenty of other nation-state cyber ops, it does not seem at this stage that any norms have been broken," Martin said. "This seems to be spying on our government. No one, including the U.K., has seriously tried to argue for spying on governments to be prohibited."


About the Author

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



