UK Ministry of Defence investigates theft of credentials of 600 employees by infostealer
Take action: Another great lesson in keeping your devices and software updated, using multi-factor authentication, and NEVER downloading and installing pirated or otherwise dubious software or trusting attachments. Infostealers are commonly carried through pirated software.
The UK Ministry of Defence (MoD) is investigating a data breach that exposed login credentials of military personnel, civil servants, and defence contractors on the dark web.
The incident affects the MoD's Defence Gateway portal, an online platform used for staff communications and access to HR and health materials. The breach affects approximately 600 UK armed personnel, MoD civil servants, and defence contractors.
The credentials were stolen using infostealer malware, which primarily targeted personal devices used to access the Defence Gateway platform.
The exposed data covers a period from 2020 to the present (with 124 compromised users in the current year alone). The exposed data includes:
- Email addresses
- Login credentials for Defence Gateway portal
- Account access information
The breach impacts MoD staff across multiple locations, including the United Kingdom, Iraq, Qatar, Cyprus and Mainland Europe. The MoD, in collaboration with the Government's National Cyber Security Centre (NCSC), is actively investigating the incident.
While the Defence Gateway portal doesn't contain classified information, cybersecurity experts and intelligence sources are concerned about lateral movement across connected platforms, covert recruitment operations by adversaries, and blackmail using compromised personal information or access to other personal systems (banking, etc.) stolen by the same infostealer.
The MoD has confirmed that while credentials were exposed, there is no indication that any data was actually accessed from the Defence Gateway portal.