Chinese Hack Exposes Ministry Of Defence Payroll Data

Fingers of blame are once again being pointed at China, after another third party supplier to the Ministry of Defence (MoD) was reportedly compromised.

The Guardian reported that an unidentified hacker had obtained the names and bank details of UK armed forces members.

The reports stated approximately 270,000 payroll records of nearly all current and former members of Britain’s armed forces (including reservists and at least one MP) were exposed.

Payroll compromise

So what exactly happened? Well according to the media reports, a third-party payroll system used by the MoD, was compromised. Besides personnel’s actual names and bank details being compromised, the hackers may have also obtained a very small number of physical addresses.

The Guardian reported that the compromised third-party payroll system used by the MoD was managed by a private contractor, Newport-based SSCL.

The MoD reportedly took immediate action and took the external network offline.

Grant Shapps, the defence secretary, reportedly told MPs on Tuesday that the hack was the “suspected work of a malign actor and we cannot rule out state involvement”.

While the country was not officially named, sources quickly pointed the finger of blame at China.

The minister told the Commons that there was not yet a “proven connection” to China, and he would not even mention the country by name, leading to criticism from several MPs for his caution.

The Guardian reported that John Healey, the shadow defence secretary, contrasted media reports of Chinese involvement with Shapps’s limited declaration, and accused ministers of having “no cross-government China strategy” and “completely inadequate resourcing” in defending against threats from Beijing.

It was reported that the hackers were present in the compromised system for weeks, but there is no immediate evidence that any data was stolen or interfered with.

The Guardian noted that salary payments have not been affected, but personnel have been offered credit checks.

Third-party vulnerability?

This is not the first time that a third-party supplier to the MoD has been compromised.

In September 2023, a British high-security fencing supplier, Zaun Ltd, confirmed a “sophisticated cyber-attack,” that compromised data belonging to the Ministry of Defence.

Wolverhampton-based Zaun confirmed that on 5 and 6th August 2023 it was “subjected to a sophisticated cyber-attack on our IT Network by the LockBit Ransom group.”

Zaun is a specialist supplier of fencing solutions to many high-profile sites including MoD locations. LockBit are one of the most active ransomware gangs in the world and is linked to Russia.

As a result of the Zaun attack, LockBit reportedly published thousands of stolen pages of sensitive information belonging to MoD on the dark web. This included thousands of pages of MoD data concerning the HMNB Clyde nuclear submarine base, the Porton Down chemical weapon lab and a GCHQ listening post.

Media reports at the time also reported that the leaked documents included details of equipment used at GCHQ’s satellite ground station and network monitoring site in Bude, Cornwall.

China denial

In the latest MoD breach however, China reportedly denied it was involved and said the idea that it posed a threat to the UK was a gross distortion.

A spokesperson for the Chinese embassy in London was quoted by the Guardian as saying: “We urge the relevant parties in the UK to stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce.”

China’s president Xi Jinping, is currently on a tour of Europe, but is not set to visit the UK. He spent Monday in Paris and will visit Serbia on Wednesday and Hungary on Thursday – both countries have a friendly relationship with Beijing.

China sanctions

China has been blamed before for a number of “malicious” cyberattack campaigns in the UK.

China has been accused of sustaining a cyber-attack campaign lasting more than a decade that included a hack on the UK’s Electoral Commission, disclosed last year, that resulted in the theft of the personal details of about 40 million voters.

The National Cyber Security Centre, part of GCHQ, also warned that that four British MPs critical of Beijing were targeted in a separate attack.

In March this year the US, UK imposed more sanctions on China over its campaign to target critical infrastructure and place officials under surveillance.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

22 mins ago

Tech Minister Admits UK Social Media Ban For Under-16s “On The Table”

Following Australia? Technology secretary Peter Kyle says possible ban on social media for under-16s in…

21 hours ago

Northvolt Appoints Restructuring Expert For Main Battery Plant

Restructuring expert appointed to oversea Northvolt's main facility in northern Sweden, amid financial worries

22 hours ago