Damascened Peacock: Russian Hackers Targeted UK Ministry of Defence
The UK's Ministry of Defence has revealed that it was the target of a sophisticated cyber attack that saw Russia-linked hackers pose as journalists, in what has been dubbed "Damascened Peacock". The foiled attack is part of over 90,000 cyber attacks linked to hostile states directed against the UK's defence over the past two years, according to the Ministry of Defence.
The spear phishing campaign, which targeted staff with the intention of planting malware on MoD systems, was a sophisticated attempt to gain access to sensitive information. The attack was named "Damascened Peacock" in honour of the market town's famous feathered residents, highlighting the creativity and cunning of the Russian hackers.
The initial attack consisted of two emails where hackers pretended to represent a news organisation making an urgent request. A later attack used a financial theme in an attempt to trick the recipient into clicking on a link to a file-sharing site. Anyone who clicked on the links in the phishing emails could be tricked into downloading a malicious executable file that had been disguised as a PDF, and running that file would display a decoy document while fetching malware from an external website.
The malware used against the MoD was digitally signed using a certificate issued to Russian company Futurico LLC, in an attempt to give it a cloak of legitimacy. According to researchers, the specific malware used against the MoD had not been seen before, but appears to be connected to the RomCom family of malware, previously used by the Russia-linked Storm-0978 hacking group in attacks on government and military organisations in Ukraine, as well as other agencies across the United States and Europe.
It is unclear whether this attack is linked to a previous breach of the MoD's Defence Gateway portal in November last year, where Russian hackers stole login details required for the online platform. However, it highlights the ongoing threat posed by hostile states to the UK's defence capabilities.
The UK's military is strengthening its own capabilities with the intention of being able to launch cyber attacks against hostile states like Russia. This move comes as part of a broader effort to enhance the country's cyber security and countermeasures, in response to the growing threat posed by nation-state attackers.
A Growing Threat
Over 90,000 cyber attacks linked to hostile states have been directed against the UK's defence over the past two years, according to the Ministry of Defence. This represents a significant increase in the number of attacks, highlighting the growing threat posed by nation-state attackers.
Cyber Security Measures
The MoD has taken steps to enhance its cyber security capabilities, including strengthening its own defensive measures and investing in new technologies. The Global Operations Security Control Centre in Corsham, Wiltshire is a key hub for the centre's operations, providing real-time monitoring and incident response.