Russian Hackers Breach Defense Ministry, Leak Hundreds of Files on Dark Web in 'Catastrophic' Attack

Published on October 19, 2025 at 12:54 PM

RUSSIAN cybercriminals have compromised hundreds of military documents and made them available on the dark web in a ‘catastrophic’ hack.

The security breach affected eight RAF and Royal Navy bases, along with the emails and names of personnel, as reported by The Mail on Sunday.

[Image: RAF Lakenheath, which is part of the breach, is home to US F-35A Lightning II multi-role fighters. Credit: Getty]

[Image: Aerial photograph of RAF Lakenheath. The security breach has compromised nearly 1,000 files belonging to the Armed Forces. Credit: Getty]

The breach has been described as ‘catastrophic,’ and the MoD is currently investigating the incident, which is believed to have been carried out by the Russian group Lynx.

The hackers accessed sensitive information by infiltrating a maintenance and construction contractor working with the MoD in a “gateway” attack.

Targeting the third-party Dodd Group allowed the cybercriminals to bypass the MoD’s robust cyber defenses.

The leaked data, now circulating on the dark web, contains information about RAF and Navy bases, including RAF Lakenheath, which is believed to house US Armed Forces’ F-35 stealth jets and nuclear weapons.

Top-secret radar base RAF Portreath and the UK’s National Drone Hub – RAF Predannack, were also included in the leak.

Hackers accessed files labeled “Controlled” or “Official Sensitive,” some of which contained the names and email addresses of MoD personnel, as well as contractors' names, vehicle registrations, and mobile numbers.

This attack occurs as the number of significant breaches in the UK has reached an all-time high. The National Cyber Security Centre reported last week that 204 breaches have occurred this year up to September.

A former military intelligence officer told the Mail on Sunday that this represents a “catastrophic security failure.” Colonel Phil Ingram added that an attack of this magnitude would cause “huge alarm” in the US.

He stated: “Any sensitive information, from emails to mobile phone numbers, will be valuable to our adversaries.

“This is yet another embarrassing breach of the MoD’s supply chain that compromises sensitive data. It seems there isn’t a week that goes by without another MoD-related breach, and there is no sign of accountability.

“This likely reflects the outdated IT infrastructure of the MoD, its rigid processes, and a general lack of care.”

The hackers claimed to have “quietly extracted roughly 4TB of data, including material from secured repositories.”

The initial breach occurred on September 23 after hackers targeted the Dodd Group, a prominent UK building and maintenance contractor.

The contractors have previously worked for the MoD and the Duchy of Cornwall.

Upon accessing the top-secret documents, the cybercriminals warned the Armed Forces: “Time is running out – you have the opportunity to resolve this matter before inevitable consequences unfold.”

The criminals are releasing sensitive data online in scheduled posts to the dark web, with two out of four data dumps already made public.

The hundreds of files accessed and posted online contained internal email guidelines and security instructions, which could greatly assist any criminals aiming to send phishing emails.

Other sensitive data included visitor forms for Portreath, revealing contractor details alongside MoD personnel data. Visitor logs for the major air station, RNAS Culdrose, were also disclosed.

Details regarding construction group Kier’s activities at RAF Lakenheath were also revealed. The RAF base reportedly received B61-12 thermonuclear gravity bombs in July.

Security and defense expert from the University of Buckingham, Professor Anthony Glees, told The Mail on Sunday: “This is a massive national security breach, and it’s a double-headed breach,

“Because it not only concerns data of great significance to Britain’s adversaries and potential enemies, but it is also an embarrassment to Britain’s allies, particularly the US.”

Lynx is believed to be a group of hackers operating in Russian-speaking underground forums.

The MoD informed The Sun that it is “actively investigating” the breach.

“We take a robust and proactive approach to cyber threats that could pose a risk to national interests,” added the spokesperson.

[Image: The cybercriminals are believed to be part of the Russian-speaking group Lynx. Credit: Getty]