Ministry of Defence ‘targeted by Chinese hack’

Gwyn Wright
Chinese President Xi Jinping speaks during a toast at an official state dinner as part of the Chinese president's two-day state visit to France, at the Elysee Palace in Paris, France, May 6, 2024.
Xi Jinping, the Chinese president, in France on Monday. China is reportedly responsible for a cyber attack aimed at the MoD - Ludovic Marin/Pool via REUTERS

China has hacked the Ministry of Defence, The Telegraph understands.

Hackers gained access to payroll information including names, bank details and some addresses of serving personnel, reservists and veterans, in the data breach.

MPs are to be told about the cyber attack on Tuesday and an investigation has been launched into how such sensitive information could have been accessed.

The MoD has not confirmed which country was behind the hack, but The Telegraph understands it was China.

It comes after Chinese-state backed hackers targeted the Electoral Commission and accessed the voting records of 40 million people.

The commission attack was identified in October 2022, but the hackers had been able to access its systems for more than a year, since August 2021.

They also targeted MPs and staff from the White House and US defence agencies.

About 2,000 people are thought to have been affected, although the number of addresses that have been compromised is understood to be far fewer.

Veterans may be affected

The cyber attack is thought to have been on a payroll system operated by a contractor external to the MoD.

The system, which is the main mechanism for administering pay and expenses for service personnel, is separate from the wider MoD infrastructure. It was immediately taken offline.

It is not known if the contractor is responsible for any other part of the MoD infrastructure or whether the company was targeted specifically because of a known vulnerability in its systems.

The attack, which is thought to have taken place in recent days, would not have been able to access any personal details of special forces personnel as they are administered through a separate system. However, some veterans who have left the Armed Forces in recent years may have been affected.

The MoD is expected to contact anyone whose details have been compromised over the next few days.

All salary payments will be made as normal but some expenses payments may be delayed as a result of the attack.

Officials are said to be working to understand the scale of the breach, which could raise questions about whether allies with strained relationships with China wish to share sensitive intelligence with the UK.

In December, a Foreign Office minister told the Commons private conversations of high-profile politicians and civil servants were compromised by Russia’s principal security service the FSB during “sustained” attempts to interfere in British politics.

A cyber influence campaign by a group known as Star Blizzard, “almost certainly” a subordinate of an FSB cyber unit, had “selectively leaked and amplified information” since 2015.

Previous attacks against the UK

March 2024: The UK and the United States accused China of a global campaign of “malicious” cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.

Britain publicly blamed China for targeting the Electoral Commission watchdog and for being behind a campaign of online “reconnaissance” aimed at the email accounts of MPs and peers.

December 2023:A Foreign Office minister told the Commons that private conversations of high-profile politicians and civil servants were compromised by Russia’s principal security service during “sustained” attempts to interfere in UK politics.

A cyber influence campaign by a group known as Star Blizzard, “almost certainly” a subordinate of an FSB cyber unit, had “selectively leaked and amplified information” since 2015.

July 2022: The British Army confirmed a “breach” of its Twitter and YouTube accounts. The channel featured videos on cyptocurrency and images of billionaire businessman Elon Musk.

The official Twitter account had retweeted a number of posts appearing to relate to NFTs (non-fungible tokens).

April 2021: Britain accused Russia’s foreign intelligence service of being behind a major cyber attack on the West.

The Foreign, Commonwealth and Development Office (FCDO) said the National Cyber Security Centre (NCSC) had assessed that it was “highly likely” the SVR was responsible for the so-called SolarWinds hack.

July 2020: Britain, the United States and Canada accused Russian spies of targeting scientists seeking to develop a coronavirus vaccine.

The three allies said hackers linked to Russian intelligence were seeking to steal the secrets of research bodies around the world, including in the UK.

Advertisement