Cyber Incident Victim: Labour Party
Date:
Nov 2019
Location:
United Kingdom
Summary
The UK Labour Party experienced a sophisticated large-scale cyberattack targeting its digital platforms, followed by subsequent attacks on both Labour and the Conservative Party. The incidents involved distributed denial-of-service (DDoS) attempts aimed at overwhelming websites with malicious traffic, though no data breaches occurred and defenses successfully mitigated disruptions. While the attacks raised concerns about election-related interference, initial assessments found no evidence linking them to foreign state actors. The Conservative Party faced a larger but unsuccessful attack from different hackers. Security agencies noted DDoS tactics are common and difficult to attribute, with mitigation measures effectively countering the incidents during the heightened election period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 11, 2019, the UK Labour Party experienced a sophisticated and large-scale distributed denial-of-service (DDoS) cyberattack targeting its digital platforms. The attack, which began on Monday, November 10, was successfully repelled by the party's defense systems with no compromise of data according to their statement. Labour leader Jeremy Corbyn confirmed the attack was thwarted but expressed concern about its implications for the upcoming December 12 general election. Hours after the initial attack, Labour's website and online services faced a second DDoS bombardment on Tuesday afternoon. Shortly before 1600 GMT that same day, the Conservative Party's website also came under a similar DDoS attack described as larger in scale than the Labour incidents, though no party websites were fully taken offline.
The UK National Cyber Security Centre (NCSC) confirmed the attacks employed DDoS techniques designed to overwhelm websites with malicious traffic, noting such methods are commonly used by a wide range of attackers. While security agencies had previously warned about potential foreign interference in the election, sources with knowledge of these specific incidents stated there was no evidence linking them to state actors. The Conservative Party did not immediately comment on the attack against their systems. Labour officials reported implementing ongoing security measures to maintain platform functionality during the incidents, acknowledging users might experience temporary service differences. The attacks occurred against the backdrop of heightened cybersecurity concerns surrounding the Brexit-deadlock election called by Prime Minister Boris Johnson.