Cyber Incident Victim: Rotherham Metropolitan Borough Council
Date:
Mar 2020
Location:
United Kingdom
Summary
A phishing campaign exploiting coronavirus-themed emails targeted local authorities, with Rotherham Council experiencing an incident where an employee inadvertently clicked a malicious link in a spam email containing "COVID-19" in the subject line. This triggered automatic emails but did not compromise data or systems, according to the council, which resolved the issue promptly. Middlesbrough Council warned other authorities about similar attacks involving fraudulent emails impersonating Rotherham with subjects like "Payroll Adjustment," urging staff to avoid interacting with suspicious content and report incidents immediately. The attacks highlighted criminals leveraging pandemic-related themes to infiltrate organizational IT infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In March 2020, during the early stages of the COVID-19 pandemic, Rotherham Council experienced a cybersecurity incident involving phishing emails exploiting coronavirus-related themes. Middlesbrough Council issued a warning to its staff on March 20, 2020, disclosing that Rotherham's IT systems had been compromised through fraudulent emails containing "COVID-19" in the subject line. The attack occurred when a Rotherham Council employee unintentionally clicked a link within a spam email, triggering automatic email generation from the compromised account. Rotherham Council officials confirmed the accidental interaction but asserted no data breaches or system compromises occurred beyond this automated email activity. The council's assistant director for customer, information and digital services, Luke Sayers, stated the issue was resolved promptly after detection.
The incident prompted Middlesbrough Council to alert its workforce about coordinated attacks targeting local authorities, specifically warning against emails impersonating Rotherham Council with subjects like "Payroll Adjustment" and "COVID-19." Staff were instructed to avoid opening attachments or links in suspicious messages and to report such emails immediately to their ICT department. Middlesbrough emphasized verification techniques including sender address checks, logo inspection, and grammar analysis to identify fraudulent communications. While Rotherham Council maintained that operational systems remained unaffected and no information was exposed, the event highlighted threat actors' exploitation of pandemic-related anxieties. The Local Democracy Reporting Service noted Rotherham Council officials were unavailable for additional comments following their initial statement about the resolved incident.