The UK’s Ministry of Defence has revealed that it was the target of a sophisticated, cyber attack that saw Russia-linked hackers pose as journalists.
The foiled attack was one of over 90,000 cyber attacks linked to hostile states directed against the UK’s defence over the past two years, according to the Ministry of Defence.
The spear phishing campaign, which targeted staff with the intention of planting malware on MoD systems, was dubbed “Damascened Peacock”.
MoD investigators based at the Global Operations Security Control Centre in Corsham, Wiltshire explained that the attack was given that name in honour of the market town’s famous feathered residents.
According to a report issued by the MoD and the National Cyber Security Centre, the initial attack consisted of two emails where hackers pretended to represent a news organisation making an urgent request.
A later attack used a financial theme in an attempt to trick the recipient into clicking on a link to a file-sharing site.
Anyone who clicked on the links in the phishing emails could be tricked into downloading a malicious executable file that had been disguised as a PDF, and running that file would display a decoy document while fetching malware from an external website.
The malware was digitally signed using a certificate issued to Russian company Futurico LLC, in an attempt to give a clock of legitimacy.
According to researchers the specific malware used against the MoD had not been seen before, but appears to be connected to the RomCom family of malware, previously used by the Russia-linked Storm-0978 hacking group in attacks on government and military organisations in Ukraine, as well as other agencies across the United States and Europe.
In November last year it was revealed that Russian hackers had stolen login details required for the MoD’s Defence Gateway portal – an online platform for all British military personnel – but it is unclear whether this is linked to the “Damascened Peacock” attack.
As Sky News reports, the UK’s military is strengthening its own capabilities with the intention of being able to launch cyber attacks against hostile states like Russia.
