Cyber Incident Victim: UK Government
Date:
Oct 2025
Location:
United Kingdom
Summary
The UK government confirmed that its systemshad been compromised in a cyber breach, with officials stating that the intrusion was quickly contained and described as a technical issue affecting one of its sites. Media reports attributed the incident to a China‑linked group known as Storm 1849, which was said to have accessed Foreign Office data, possibly including visa details, although ministers said they could not confirm a direct link to Chinese state actors. The government emphasized that the risk to individuals appeared low and that investigations were ongoing, while noting that other British firms had recently faced significant cyber disruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In October 2025the UK government experienced a cyber intrusion that was later confirmed by trade department minister Chris Bryant. Bryant told Times Radio that there certainly had been a hack of government systems. He declined to attribute the breach to Chinese operatives or the Chinese state, stating he was not able to say whether it was directly related to either. The confirmation came after a report in The Sun newspaper alleged that a Chinese-linked group had accessed Foreign Office data.
The Sun identified the alleged perpetrators as Storm 1849, describing it as a China‑linked cyber gang that forms part of a state‑aligned hacking apparatus and has previously been accused of targeting politicians and groups critical of the Chinese government. According to the newspaper, the breach possibly involved the exfiltration of tens of thousands of visa details from Foreign Office systems. Bryant characterised the government’s reaction as swift, noting that the technical issue affecting one of its sites was closed quickly. He added that, while the reporting around the incident remained speculative, the government continued its investigation and was fairly confident that the breach posed a low risk to any individual.
The Foreign Office stated that it was actively working to investigate the cyber incident and emphasized that it takes the security of its systems and data extremely seriously. The government’s acknowledgment of the hack followed two separate major cyber attacks on British companies earlier in the year: Jaguar Land Rover halted production for five weeks and Marks & Spencer suspended online orders for six weeks. Prime Minister Keir Starmer remarked that China represents a national security threat to the United Kingdom, even as his administration pursued increased engagement with the country, including a planned visit to Beijing in late January.