'The keyboard is now a weapon of war': Russian-linked hackers posing as journalists targeted MoD, govt says

Russia-linked hackers posing as journalists targeted staff at Britain's Ministry of Defence in a cyber spying operation that was spotted and thwarted, the government has revealed.

Details of the foiled hack emerged as Defence Secretary John Healey said the UK military is bolstering its own offensive capabilities to conduct cyber attacks against hostile states like Russia as part of a long-awaited review of UK defence. The Strategic Defence Review is expected to be published on Monday.

It was launched by Sir Keir Starmer last July and comes ahead of a major summit of NATO allies in June. A major new podcast series by Sky News and Tortoise which begins on 10 June will explore the state of UK defences by running a wargame that simulates a Russian attack on the UK.

"The nature of warfare is changing," Mr Healey told a group of journalists on a visit to a secure facility in Wiltshire where the defence team that defeated the Russian cyber attack is located. "The keyboard is now a weapon of war and we are responding to that." Part of this response, announced on Thursday, includes the creation of a new cyber command to oversee offensive and defensive cyber operations.

The government also plans to invest more than £1bn on improving its ability to hunt, locate and strike targets on the battlefield, drawing on digital technology. "In future conflict, those that prevail will be those who are not just better equipped and better trained, but better connected and also capable of innovating ahead of adversaries," the defence secretary said.

The thwarted Russia-linked hack was one of more than 90,000 cyber attacks associated with hostile states that were directed against the UK military and other parts of defence over the past two years - a doubling from the previous two years, the Ministry of Defence said. Part of the increase is because the military is getting better at spotting the attempts against its networks.

However, it is understood the attacks are becoming more sophisticated - making them harder to combat. Late last year, the National Cyber Security Centre (NCSC), which is part of GCHQ, alerted the Ministry of Defence to a suspected spear phishing campaign.

The Global Operations Security Control Centre at MoD Corsham, in Wiltshire, which defends the Ministry of Defence's networks in the UK and overseas, was tasked with identifying the threat. The team worked on computers inside a large, windowless hall - filled with rows of desks and a bank of large screens along one wall.

"MoD detected a spear phishing campaign targeting staff with the aim of delivering malware," the analysis by the NCSC said. "The initial campaign consisted of two emails with a journalistic theme attempting to represent a news organisation.

The second campaign followed a financial theme, directing targets to a commercial file share." The officials who were involved revealed details of the effort during the defence secretary's visit to MoD Corsham this week. One of the individuals said it took about an hour to spot the attack.

Asked what it felt like to discover the intrusion, the individual said "cool". The malware was linked to a Russian hacking group called RomCom, a second official said.

The particular code that was used had not been seen before, so the British side gave it the name "Damascened Peacock". "Corsham is famous for peacocks," they said.

The two officials are part of a team of cyber experts - a mix of military personnel, civil servants and civilian contractors - who work at the secure centre. A key focus at the moment is protecting a major deployment by the Royal Navy's aircraft carrier, HMS Prince of Wales, loaded with state-of-the-art F-35 fast jets and protected by a task force of warships, as it travels through the Red Sea off the coast of Yemen.

The carrier strike group is expected to pass through the Bab el-Mandeb Strait in the coming days - well within range of an Iranian-backed militia that has targeted British and American warships and well as commercial shipping with missiles. The cyber experts, though, are trying to defend the deployment from cyber attacks.

Earlier in the month, US President Donald Trump struck a deal with Houthi militants to stop them from attacking ships, but the British side is still very alert to the potential threat. "The strike group is going through what could be a high risk dangerous passage," Mr Healey said..