Cyber Incident Victim: Defence Academy of the United Kingdom
Date: Mar 2021
Location: United Kingdom
Summary
A suspected state-sponsored cyber attack targeted the UK Ministry of Defence's Defence Academy, compromising its contractor-managed IT systems and forcing the institution's website and internal network offline. Foreign actors, reportedly linked to Russia or China, infiltrated the infrastructure, prompting staff to switch to personal devices while the affected systems underwent restoration work estimated to take weeks. Despite the disruption, teaching continued, and the broader Ministry of Defence network was not affected.
Description
On or around March 21, 2021, the UK Ministry of Defence's Defence Academy experienced a significant cyber attack that compromised its IT systems. The attack, reported by The Sun newspaper, was attributed to state-sponsored hackers with Russia and China identified as suspected perpetrators. The Defence Academy, responsible for providing postgraduate education to British Armed Forces personnel, civil servants, and international service members, saw its website taken offline and its contractor-operated IT network rendered inoperable. Systems were compromised to the extent that staff were instructed to cease using work-issued devices and switch to personal laptops and computers to maintain operations. The incident disrupted internal network functionality but did not affect the broader Ministry of Defence IT infrastructure. Ministry officials confirmed awareness of the breach while emphasizing that teaching activities continued despite the technical disruptions.

The cyber attack necessitated extensive recovery efforts estimated to require at least five weeks for full system restoration. Contractors managing the academy's IT infrastructure worked to rebuild compromised computers and servers, though specific technical details regarding the attack vector or data exfiltration were not disclosed publicly. No operational impacts on military functions beyond the academy were reported. The Ministry of Defence issued a statement clarifying the containment of the incident to the contractor-managed systems, underscoring the segregation between the academy's network and core defence networks. While attribution remained unconfirmed by official channels, internal communications to staff characterized the incident as the work of a foreign power, aligning with media reports naming Russia and China as likely sponsors. The academy maintained its educational operations throughout the recovery period using alternative devices and workarounds.
