A military officer now retired has recently disclosed that a cyberattack struck the United Kingdom’s Ministry of Defence (MoD) training academy.

Air Marshal Edward Stringer commented that the online attack’s impact on the MoD as an organisation was “significant”. Government offices like the MoD often make attractive targets for cybercriminal groups. Along with raising their profile in the tabloids, successful strikes can earn them kudos among their peers and help gangs attract new talent to their ranks.

Air Marshall Stringer explained to Sky News that he had been an officer in charge when the cyberattack was first identified back in March last year. The now retired officer says an outsourcer employed by the MoD for IT, Serco, first detected unusual activity. However, this observation was initially believed to have been caused by an IT error instead of something more sinister in nature.

The target of the cyberattack was the United Kingdom’s Defence Academy. The long-established organisation has the responsibility of training and teaching thousands of the country’s military personnel, government figures and students overseas, along with employees at the MoD. Topics taught on the wide range of instructive courses include languages, security, information warfare and military strategy.

While details on who the perpetrators behind the cyber strike were have yet to become available, recent publication reports have intimated the possible involvement of state operatives in Russia or China. Other operators considered to be potentially involved include North Korea and Iran.

Stringer commented to Sky:

“It could be any of those or it could just be someone trying to find a vulnerability for a ransomware attack that was just, you know, a genuine criminal organisation.”

Fears of a wider attack

As staff at the Defence Academy worked around the clock to ensure the continuity of its courses, management raised concerns that the purpose of the cyberattack was not simply to cause disruption to the institution’s educational system. It suggested that the academy may instead be part of a wider scheme to launch an attack on the MoD, perhaps being exploited as a backdoor and staging area. If this is the case, it is understood that the 2021 cyberattack has more serious ramifications with possible consequences for the UK’s national security.

A spokesperson for the MoD made a statement to Sky:

“In March 2021 we were made aware of an incident impacting the Defence Academy IT infrastructure. We took swift action and there was no impact on the wider Ministry of Defence IT network. Teaching at the Defence Academy has continued.”

Stringer confirmed that despite concerns raised by management, to date there appears no evidence of any breaches other than at the Defence Academy.

A new investigation has now begun, and the UK’s National Cyber Security Centre (NCSC) has been informed of the attack.

In his interview, Stringer commented that while significant, the cyberattack was manageable. However, he added that after the MoD accounted for the operational costs of coping with the incident, it had prompted the academy to fortify its current security position and network resiliency.

Using Galaxkey’s services you can ensure your enterprise is protected from all known and unknown attacks. You can get a free 14-day trial to see just how useful and effective our solution is.