RUSSIAN hacking software has allegedly stolen hundreds of Ministry of Defence computer log-ins in a major security breach.
The MoD is now investigating the incident which saw emails and passwords belonging to almost 600 employees – including UK Armed personnel, civil servants and defence contractors – stolen and leaked on the dark web by cybercriminal groups since 2020.
The stolen data includes email addresses, as well as other log-in information needed to access the MoD’s Defence Gateway portal, an online platform for British military personnel, according to reports.
While the system doesn’t contain classified information, it is said to be integral to staff communication, as well as providing access to human resources and health data.
According to the report by the i, the majority of the data was stolen from staff using their personal devices to access the online platform.
The outlet say they were told by the MoD they were constantly investigating the theft of credentials.
It is believed most of the exposed employees are based in the UK, but some details of MoD staff based in Iraq, Qatar, Cyprus and mainland Europe have also been stolen, which could present a significant security risk.
One intelligence source told the i: “This type of activity is often the first stage of a covert recruitment operation by adversaries.
“Stolen data provides hackers with personal information hostile actors can then use to coerce or blackmail employees who had viewed the stolen data said they believed it posed a greater risk to the individual rather than the institution.”
They added: “There is a significant risk here of further blackmail to members of the armed forces using exfiltrated personal data.
“These are the new techniques used by adversaries to infiltrate the UK.”
A government spokesperson told the i: “We take a robust response to cyber threats which threaten our national interests and work round the clock to address vulnerabilities and protect critical services.
“It is important for individuals and organisations to remain vigilant against the risks posed by information theft.”