Cyberattack against UK Ministry of Defence training academy revealed

The attack had a "significant" impact on operations last year.
Written by Charlie Osborne, Contributing Writer

A retired military officer has disclosed a cyberattack that struck the UK Ministry of Defence (MoD) academy and had a "significant" impact on the organization. 

Air Marshal Edward Stringer, an officer in charge at the time, told Sky News that the cyberattack was discovered in March 2021. 

According to the retired officer, "unusual activity" was detected by IT outsourcer Serco but originally it was thought that this may have been due to some form of IT error rather than something malicious.

The Defence Academy of the United Kingdom was the target. The organization is responsible for teaching and training thousands of military personnel, MoD employees, wider government figures, and overseas students. Courses on offer relate to topics including security, strategy, languages, and information warfare. 

While full attribution is not available as to whom was responsible, the publication reports that China or Russia was "possibly" involved. 

Iran and North Korea were also floated as potential sources of the cyberattack. 

"It could be any of those or it could just be someone trying to find a vulnerability for a ransomware attack that was just, you know, a genuine criminal organization," Stringer said. 

As academy staff worked to keep courses running, management was concerned that the reason behind the attack may not have been to disrupt the educational system – but rather, the academy could have been used as a "backdoor" to target the wider MoD. This prospect had severe ramifications and could have had potential consequences for national security. 

Stringer added that despite these concerns, there appears to be no evidence of breaches beyond the Defense Academy. 

An investigation has been launched and the National Cyber Security Centre (NCSC) is aware of the cyberattack. 

During the interview, Stringer said the cyberattack was "significant, but then manageable" – and further prompted the academic institution to ramp up its security posture and network resiliency after accounting for the "operational cost" of dealing with the incident. 

As of now, the IT infrastructure is still being rebuilt and the Defence Academy is set to launch a new website in the future.

An MoD spokesperson told Sky News:

"In March 2021 we were made aware of an incident impacting the Defence Academy IT infrastructure. We took swift action and there was no impact on the wider Ministry of Defence IT network. Teaching at the Defence Academy has continued."

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards