A cyber attack on the UK MoD’s payroll system is suspected to involve China (Photo: UK MoD)

BELFAST — The UK has launched an investigation into a “suspected” cyber attack on the Ministry of Defence’s (MoD) payroll system, allegedly caused by China, as part of a wider eight-point plan to assess what led to “potential failings” and prevent future attacks.

China has been identified as the source of the attack by Sky News, the first to report the story, but Grant Shapps, UK Minister of Defense, stopped short of blaming Beijing specifically.

He told lawmakers on Tuesday, “we do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement,” declining to provide any other details, citing “reasons of national security.”

China has denied any involvement. “The said accusation made by the UK side is nothing but a fabricated and malicious slander,” said a Embassy of China in the United Kingdom spokesperson, in a statement. “It is extremely absurd and despicable. We strongly condemn it.”

The suspected Chinese attack on the payroll system, contracted to Shared Services Connected Ltd (SSCL), affected 270,000 British armed forces personnel, exposing names, bank details and in some cases home addresses, though Shapps stressed that there is “no evidence” data has been removed.

He noted that there is “evidence of potential failings” by SSCL, which “may have made it easier” for the hacker to gain access to the system. The payroll network is separate to the MoD’s main computer and Human Resources systems.

As part of a eight-point plan to discover what went wrong and stop future cyber attacks, the MoD has launched a “full investigation” into the incident, started a security review of SSCL “operations” and as a precaution, formally notified all armed forces personnel of the incident, according to Shapps.

Additionally, the payroll system has been turned offline and British troops can also access a “commercial personal data protection service” designed to alert individuals of “any irregularities” relating to their personal information.

John Healey, UK Shadow Defense Secretary, also told lawmakers on Tuesday that Shapps had a wide range of questions to answer, like, “who held the data that was hacked? When was it discovered? When were ministers told? How was it leaked to the press?”

In March, the UK’s National Cyber Security Centre said that the state affiliated Chinese hacking group APT31 was “almost certainly responsible” for a 2021 campaign targeting British lawmaker emails, “most of whom” had criticized “malign activity” by Beijing.

In a separate development, Shapps today also announced that the UK was expelling the defense attaché at Russia’s London embassy, claiming the official was actually an intelligence officer.