Cyber Incident Victim: Ministry of Defence
Date: Nov 2015
Location: United Kingdom
Summary
A contractor providing networking services to the UK Ministry of Defence suffered a cyberattack compromising personal data of 831 defence community members with security clearances, including names, organizational affiliations, email addresses, and encrypted passwords. Attackers defaced the website with spam content, created fraudulent accounts, and accessed non-classified files. The breach prompted notifications advising affected individuals to change passwords on other platforms and to be alert to phishing attempts, though over 40% of notifications failed to reach recipients. Remediation included vulnerability testing, software upgrades, and user account audits. While no classified information was compromised, the incident exposed vulnerabilities in a platform designed to support defence operations and cyber training.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 4, 2015, a cyber-attack targeted Niteworks, a business networking organization contracted by the UK Ministry of Defence (MoD) to facilitate collaboration between defence personnel and industry partners. Attackers compromised the niteworks.net website’s members’ area database, gaining access to personally identifiable information of 831 individuals with security clearances, including names, organizational affiliations, and email addresses. The breach also exposed encrypted passwords, though Niteworks asserted that there was no evidence they had been decrypted. While no classified information was compromised (all data remained at or below the OFFICIAL classification level), the attackers created fraudulent accounts and defaced the site with advertisements for herbal pills, suggesting potential spam-related motives or an attempt to obscure more sophisticated espionage activities. Niteworks discovered the breach promptly and took the website offline for maintenance; it remained inaccessible for over five months after the incident.

Niteworks reported the incident to the UK Information Commissioner’s Office (ICO) and, following guidance from BAE Systems (the site’s hosting provider), notified the MoD’s Joint Security Co-ordination Centre (JSyCC). The organization conducted vulnerability assessments, upgraded its Symphony content management system, and audited user accounts to prevent further unauthorized access. Impacted individuals received breach notifications via email, advising password changes on other platforms if credentials were reused and warning of heightened phishing risks. Of 831 notifications sent, 355 emails failed to deliver, requiring manual follow-up through organizational representatives. The MoD confirmed awareness of the attack but stated no operational consequences materialized for members or Niteworks. BAE Systems separately reported high-level issues to JSyCC, though neither the MoD nor Niteworks publicly identified suspects or attributed the attack to specific threat actors.
