Russian hackers 'stole hundreds of Ministry of Defence passwords and posted them on the dark web'

• Nearly 600 armed personnel, civil servants and contractors had logins stolen
• Logins were for MoD's Defence Gateway portal, which contains personal data
• The Ministry of Defence is said to be investigating the major security breach 

Russian hackers have stolen hundreds of Ministry of Defence emails and passwords and posted them on the dark web.

Login-ins belonging to 595 UK armed forces personnel, MoD civil servants and defence contractors have been swiped by cybercriminals since 2020.

The MoD is investigating this security breach after the data was taken and leaked on the dark web in yet another cyber-attack faced by the UK Government.

According to The i, many of the affected employees are based in the UK, but account details of staff located overseas were also compromised, potentially presenting a significant security risk. 

Locations of exposed staff are believed to include Iraq, Qatar, Cyprus and mainland Europe.

While it is understood that the information was poached using Russian hacking tools, there is no evidence the hack was directed by Kremlin.

The stolen data includes email addresses and other login-information required for the MoD's Defence Gateway portal, a secure online platform for all British military personnel.

Although the system does not contain classified information, according to the MoD it is integral to staff communication and provides access to human resources and health data.

One intelligence source told The i: 'This type of activity is often the first stage of a covert recruitment operation by adversaries.

'Stolen data provides hackers with personal information hostile actors can then use to coerce or blackmail employees.'

Alon Gal, chief technical officer of cybercrime intelligence firm Hudson Rock, said: 'The theft of such credentials can lead to significant security challenges, including supply chain risks, and the ability of an attacker to laterally move across connected platforms.'

He added: 'For Ministry of Defence personnel and contractors, this would jeopardise broader operational security and could expose sensitive data.'

The Defence Gateway portal allows users access to a selection of Defence web applications and can only be accessed using multi-factor authentication. 

It is believed that the majority of the data was stolen from staff using their personal devices to access the online platform.

According to The i, cyber security experts believe there is a risk hackers could access other sensitive credentials of MoD staff, including private email accounts, online banking, and social media accounts, which might pose a potential blackmail risk.

The MoD told the newspaper they were constantly investigating the theft of credentials, alongside the Government's National Cyber Security Centre (NCSC) searching on the dark web and 'repatriating' any which have been stolen. 

The NCSC works to track information stealer threats on a national scale, while the MoD ensures robust monitoring and rapid response within its own estate.

Together, they work to identify and remediate the loss of credentials as quickly as possible to minimise any adverse effects.

There are also a range of measures in place to educate personnel on the risks and need to keep their personal devices updated as well as the importance of broader personal security when online.

There are also technical measures in place to identify potentially at risk accounts and prevent malicious actors from exploiting them.

A government spokesperson said: 'We take a robust response to cyber threats which threaten our national interests and work round the clock to address vulnerabilities and protect critical services.

'It is important for individuals and organisations to remain vigilant against the risks posed by information theft.'