UK blames Russia for defence ministry payroll hack

British Defence Secretary Grant Shapps on Tuesday said that a ''malign actor'' was behind a massive data breach involving the Ministry of Defence, targeting service personnel from the Royal Navy, Army and Royal Air Force, as he underlined that ''state involvement'' in the large-scale cyber attack cannot be ruled out.

Earlier, the BBC had reported that the government suspects China was behind the hack of the armed forces payroll system that is run by an external contractor and includes data of both current and some past armed forces members.

Shapps told Parliament that the government cannot rule out ''state involvement'' in the cyber attack but stopped short of naming any particular country. ''This was the suspected work of a malign actor and we cannot rule out state involvement," Shapps told the House of Commons.

"This is an external system completely separate to the core network, and it's not connected to the main military system. The House will wish to know that it is operated by a contractor and there is evidence of potential failings by them, which may have made it easier for the malign actor to gain entry," he said.

Ahead of an official defence ministry statement in the House of Commons, British Prime Minister Rishi Sunak told reporters during a visit to a football academy in London that ''there are indications that a malign actor has compromised the armed forces' payment network''. ''I do want to reassure people that the Ministry of Defence has already taken the action of removing the network offline and making sure that people affected are supported in the right way,'' said Sunak.

He would be drawn on UK media reports pointing the finger at China, saying only that Britain was facing "an axis of authoritarian states, including Russia, Iran, North Korea and China" that "pose a risk to our values, our interests and, indeed, our country".

Meanwhile, China's foreign ministry reacted sharply to UK media reports to say it ''firmly opposes and fights all forms of cyber attacks'' and ''rejects the use of this issue politically to smear other countries''.

''The so-called cyber attacks by China against the UK are completely fabricated and malicious slanders. We strongly oppose such accusations. China has always firmly fought all forms of cyber attacks according to law," a spokesperson said.

The system used by the Ministry of Defence (MoD) includes names and bank details of armed forces personnel and in a very small number of cases, the data may include personal addresses. Shapps stressed that no operational MoD data has been obtained in the hack, the motive behind which remains unclear.

He said the MoD has taken immediate action and the system was taken off-line, while investigations are conducted. Shapps said there is no evidence that data has been removed but the MoD was in the process of putting in place an eight-point plan to respond, including setting up a dedicated phone line. The April salaries of the armed forces personnel have been paid out as usual and only minor expense delays are expected due to the system being taken offline.

Labour's shadow defence secretary, John Healey, claimed in the Commons that SSCL (Shared Services Connected Ltd) was the contractor responsible, to which Shapps replied: ''He has named the contractor that was involved, I can confirm that's the correct name, SSCL.

''I've requested from the Cabinet Office a full review of their work across government as well as within MoD, which is underway.'' Tobias Ellwood, a Conservative Party MP and former soldier, told 'Sky News' that China ''was probably looking at the financially vulnerable with a view that they may be coerced in exchange for cash''.

This comes months after China's ''state-affiliated actors'' were blamed by the British government for two ''malicious'' cyberattack campaigns in the UK.

In a statement in the House of Commons back in March, the government revealed that the UK's National Cyber Security Centre (NCSC), a part of its Government Communications Headquarters (GCHQ), concluded that the country's Electoral Commission systems were "highly likely" compromised by a Chinese entity between 2021 and 2022. The NCSC also claims that it is "almost certain" that the China state-affiliated APT31 conducted reconnaissance activity against British parliamentarians during a separate campaign in 2021. All such attacks to interfere with UK democracy and politics are said to have been unsuccessful, but it has led to two individuals and one company linked to APT31 being sanctioned.

"The UK will not tolerate malicious cyber activity targeting our democratic institutions. It is an absolute priority for the UK government to protect our democratic system and values," UK Deputy Prime Minister Oliver Dowden told Parliament at the time.

''I hope this statement helps to build wider awareness of how politicians and those involved in our democratic processes around the world are being targeted by state-sponsored cyber operations. We will continue to call out this activity, holding the Chinese government accountable for its actions," he said.

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)