Russian Hackers Leak UK Military Files on Dark Web, MoD Investigates

A major security breach has hit the UK’s Ministry of Defence,  with Russian cybercriminals reportedly stealing hundreds of sensitive military documents.

The files leaked from a contractor’s system after a ransomware attack, and contain highly sensitive information which has now been posted on the dark web for anyone to see. This is the third major data breach linked to the Ministry of Defence in just over a year.

The Scope of the Leaked Military Files

Hackers stole hundreds of sensitive military documents. They published them on the dark web in stages. The Mail on Sunday first reported this serious leak.

The leaked documents contain information about eight major Royal Air Force (RAF) and Royal Navy bases. These include, for example, RAF Lakenheath, which is based in Suffolk, where the US Air Force keeps its F-35s and is also reportedly one of the bases that stores US nuclear weapons.

Other bases named are RAF Portreath and RAF Predannack. But the breach goes beyond just basic information. The files also contain personal data of MoD staff and contractors.

This includes names, email addresses, and car registrations. Mobile phone numbers of personnel were also exposed. This creates a significant security and privacy risk for those individuals.

Contractor System Breached by Ransomware

The cybercriminals did not hack the MoD directly. Instead, they targeted a third-party contractor. They infiltrated the systems of the Dodd Group.

Dodd Group is a maintenance and construction firm. It has worked on MoD projects for decades. Hackers first got into the group’s network back on September 23 – it was a classic ransomware attack. They gained temporary access to its internal systems and are now slowly releasing the stolen data.

They plan four stages of releases. The latest leak was the second batch. A Dodd Group spokesperson confirmed the incident.

They said they took immediate steps to contain the breach. The company also engaged a specialist IT forensic firm. They are working hard to validate the claims of published data.

The MoD is still figuring out what’s going on. Their spokesman said they don’t joke with cyberthreats. But to protect operational information, they will not comment further.

A Pattern of MoD-Related Data Breaches

This is not an isolated event – it’s part of a worrying trend of breaches affecting the MoD, which raises serious questions about supply chain security.

In August, a different subcontractor had a data breach. It exposed the personal data of thousands of Afghans. These individuals were brought to safety in the UK for working with British troops.

Just last year, another hack targeted a MoD payroll system. It accessed the personal details of serving UK military personnel. That breach included names and bank details.

The UK’s National Cyber Security Centre recently warned that significant hacking attacks in the UK have reached a record high.

National Security Implications and Response

This breach poses a direct threat to national security. Exposed base details could compromise physical and digital defenses. Staff data floating around leaves them vulnerable to blackmail or espionage.

The authorities are trying to resolve the situation – the National Cyber Security Center is on the case, with the Ministry of Defence working alongside them, probing every area. Meanwhile, officials are apparently tearing through their security protocols like there’s no tomorrow, especially with third-party contractors. New, stricter cybersecurity standards for vendors are likely.

A government spokesman stated they are honoring all security commitments. They assured the public that robust measures are being implemented. The goal is to prevent future breaches in the supply chain.

The MoD continues to advise affected personnel. They are providing support on how to handle potential phishing attempts. The investigation into the full extent of the breach remains active.