First state-sponsored cyberattack against UK government revealed two decades later


The UK National Cyber Security Centre (NCSC) has revealed details of the first cyberattack perpetrated against the UK government by another state. The rare insight marks the 20th anniversary of a malware attack on a government department that was identified by GCHQ’s Communications-Electronics Security Group (CESG) as state-sponsored cyber espionage. The response acted as the forerunner to a capability that became the NCSC, which was launched in 2016.

Today, state-sponsored cyber campaigns against other nations are common, particularly during periods of conflict and political unrest. The current Russia-Ukraine conflict is a prime example. Microsoft’s latest nation-state cybersecurity intelligence report revealed a wave of cyberattacks from an actor it calls “Cadet Blizzard” associated with the Russian GRU. These attacks, which began in February 2023, target government agencies and IT service providers in Ukraine. The report also revealed “Cadet Blizzard” as a new Russian state-sponsored threat actor that targeted Ukraine before the Russian invasion began, likely in an attempt to weaken infrastructure ahead of the assault.

GCHQ fused intelligence capabilities with cybersecurity function for the first time

In June 2003, cyber experts were called upon to investigate after a government employee detected suspicious activity on one of their workstations, the NCSC wrote in a blog. At the time, there was no government agency set up to deal with cyberattacks, nor was there a dedicated national incident management function. A suspected phishing email was identified, so technical specialists sought help from the CESG – the information assurance arm of GCHQ at that time.

“CESG’s analysis discovered that malware, designed to steal sensitive data and evade anti-virus products, had been installed, raising suspicions about the attacker’s intent and setting in motion a series of actions that was transformative to cyber incident investigations,” the NCSC said. For the first time, GCHQ fused its signals intelligence capabilities with its cybersecurity function to investigate and identify the actor responsible.

The ground-breaking analysis, coupled with international engagement, led CESG…
