On Tuesday, the Chinese government confirmed suspicions that it was the nation state behind the hacking incident involving the United Kingdom’s armed forces. Hours before formal accusations were made, China preemptively denied any involvement.
Grant Shapps, Britain’s defense secretary, informed the House of Commons later that day that a malicious actor had breached a defense ministry contractor responsible for payroll. This breach, labeled as a “data incident,” allowed the cyber actor to access part of the armed forces payment network, separate from the ministry’s core network. The compromised system contained personal information of regular and reserve personnel, as well as veterans, including names, bank details, and in some cases, addresses.
Shapps stated that initial investigations found no evidence of data removal, but precautionary measures were taken by alerting affected service personnel through their chain of command.
Despite suspicions, the British government chose not to explicitly name China as the perpetrator, reflecting the delicate balance between geopolitical tensions and economic ties. However, media outlets such as Sky News, The Telegraph, and the BBC reported China’s involvement.
Earlier in Beijing, the Chinese foreign ministry vehemently denied any involvement, labeling the allegations as “purely unfounded” and stressing China’s opposition to all forms of cyberattacks.
The Chinese embassy in London remained silent on the matter, while their website issued a statement condemning the accusation as “fabricated and malicious slander.”
In response to the breach, Shapps outlined an eight-point plan to safeguard the data of defense personnel, including taking the system offline and initiating a review of the contractor.
The exact timing of the cyberattack was not disclosed by the British government.
Prime Minister Rishi Sunak, without naming China, assured that those affected by the hack would receive appropriate support.
This incident follows previous accusations by Britain’s National Cyber Security Center, linking a Chinese entity to hacking the U.K.’s elections watchdog in 2021 and 2022. In February, the FBI also accused Chinese cyber actors of infiltrating U.S. critical infrastructure.
These events underscore escalating concerns regarding cybersecurity and international relations in an increasingly digitized world.