The 2003 Cyberattack Has Been Linked to a State-Sponsored Cyberespionage Campaign
The NCSC, which is part of the Government Communications Headquarters, revealed that the malware attack in June 2003, when an employee noticed suspicious activity, had been part of a state-sponsored cyberespionage attack.
The Communications-Electronics Security Group, which was the information assurance arm of GCHQ, was called in to analyze the situation.
Investigators tied the hack to a phishing email sent to an employee, and a detailed analysis led to the discovery of info-stealer malware “designed to steal sensitive data and evade anti-virus products.”
The incident triggered a “series of actions transformative to cyber incident investigations,” the NCSC said, adding that this was the first instance of GCHQ combining its signals intelligence capabilities with its cybersecurity function to investigate and identify a perpetrator.
The CESG shared its analysis of the cyberespionage tactics with its international allies at the time, but the NCSC on Friday did not reveal details of the targeted agency, the extent of the breach or the name of the nation-state behind the attack.
Paul Chichester, director of operations at NCSC, said it was “the first time that the UK and Europe started to understand the potential online risks faced.”
“Our response transformed how we investigate and defend against such attacks,” he said. “Twenty years ago, we were just crossing the threshold of the cyberattack arena. The NCSC and our allies have come such a long way since this incident.”
The CESG’s cyber expertise was later fused with the Center for Cyber Assessment, CERT-UK and the Center for Protection of National Infrastructure – now the National Protective Security Authority – and led to the formation of NCSC, which is responsible for responding to cybersecurity incidents.