April 26, 2022, updated 08 Jul 2022 8:54am

Supply chain cyberattack on Ministry of Defence sees army recruitment data stolen

The MoD is the latest victim of a supply chain cyberattack. Such attacks are increasingly common.

By Claudia Glover

The UK’s Ministry of Defence (MoD) has been hit by a supply chain cyberattack that saw information on 124 new recruits leaked, and knocked the army’s recruitment portal offline for over a month. Analysts told Tech Monitor the attack appeared to be the work of opportunistic hackers, but it has led to an urgent review of IT security at the MoD.

Data on new recruits in the Army has been stolen in a cyberattack (Image by ilbusca/iStock)

Data on 124 new recruits, including full names, dates of birth, addresses, qualifications, previous employment details and family information, has been stolen in the breach, and has reportedly been put up for sale on the dark web. The army recruitment portal, the Defence Recruitment System (DRS), has been offline since March 16 as investigations continue.

Ministry of Defence falls victim to supply chain attack

The DRS is managed by outsourcing business Capita, which is where the issue started, meaning the MoD has been the victim of a supply chain attack, explains Toby Lewis, global head of threat analysis at security company Darktrace. “The website targeted was outsourced to a third-party contractor and is almost certainly not connected to the core military networks,” Lewis says. “Supply chain compromises have been on the rise for a long time now because they have become one of the simplest and most effective means for attackers to infiltrate their desired target.”

Lewis continues: “All reporting suggests this was low-level in terms of sophistication – this appears to be simple credential masquerading, either through a leaked or weak password, or stolen via phishing.”

As reported by Tech Monitor, supply chain attacks are a growing risk for businesses. “Because all of these organisations have got third parties and partner organisations that connect into them, sometimes it’s really difficult to control,” says Bharat Mistry, technical director of the UK and Ireland at security company Trend Micro. “You’ve got this challenge of collaboration with external providers. How do you guarantee that they’re holding up the same level of security that you are?”

The size of this particular attack and the attempt to monetise the data both point to an opportunistic cybercriminal, Mistry adds. “It seems like an opportunistic gang who’s probably found some information,” he says. “They may even have tried to extort some money out of the Army as well.”

Ministry of Defence launches investigation into cyberattack

These kinds of breaches are common with online portals such as DRS, says Rosa Smothers, SVP of cyber operations at KnowBe4. “Web portals containing personally identifiable information are always a target of opportunity for hackers, whether they are government or civilian targets,” she says. “They were selling this recruitment data on the dark web and the buyers could have been a government entity or anyone interested in building fake credentials from these identities.”

The Ministry of Defence has said that it will be launching a review into its IT security in response to the attack. Armed Forces Minister James Heappey announced this week that an “urgent review of our IT security has been ordered as a consequence [of the hack]. If they were hacking the recruitment system, that is clearly a poor reflection of our own IT.” The Information Commissioner’s Office has also taken a look at the incident and decided no further action was required.