Cyberattack targets UK Ministry of Defence (MoD), leaking hundreds of employee credentials

The UK Ministry of Defence (MoD) has suffered a significant cyber breach, with the passwords of nearly 600 employees stolen and leaked onto the dark web. The attack, attributed to Russian hackers, exposed sensitive login credentials and email addresses for the Defence Gateway portal, a critical online platform used by British military personnel for internal communication, HR services, and accessing health records.

Although the Defence Gateway does not house classified information, the breach raises serious concerns about the security of MoD operations and the potential for espionage or blackmail targeting military personnel, civilian staff, and defense contractors.

The stolen data includes credentials belonging to UK-based and overseas personnel, with affected employees stationed in Iraq, Qatar, Cyprus, and mainland Europe. Early investigations suggest that hackers exploited personal devices’ vulnerabilities to access the Defence Gateway, bypassing the platform’s multi-factor authentication system.

Intelligence sources warn that this attack could be a precursor to more sophisticated espionage activities. "This type of activity is often the first stage of a covert recruitment operation by adversaries," an intelligence official told The i. "There is a significant risk here of further blackmail to members of the armed forces using exfiltrated personal data."

In collaboration with the National Cyber Security Centre (NCSC), the MoD has launched an investigation into the breach and is taking steps to mitigate its impact. "We respond robustly to cyber threats that threaten our national interests and work round the clock to address vulnerabilities and protect critical services," a government spokesperson stated.

The MoD breach follows a series of significant cyberattacks on critical infrastructure worldwide, emphasizing the growing threat of ransomware and hacking campaigns. Earlier this year, NHS Dumfries and Galloway faced ransomware threats from INC Ransom, while past attacks against healthcare providers such as CommonSpirit Health in the U.S. caused widespread disruption.