China stands accused of hacking the UK Ministry of Defence (MoD) in a major cyberattack on armed forces’ SSCL payroll data system.

The data breach compromised the names and bank details of current military personnel and veterans, Sky News reported.

When addressing the House of Commons today (7 May), UK Defence Secretary Grant Shapps said a “malign actor” was responsible for the attack, but that the government “cannot rule out state involvement”. He added that there was “no evidence that any data has been removed”. 

Shapps has announced a “multi-point plan to support and protect personnel”, an MoD spokesperson told Army Technology.

The MoD has been working urgently to grasp the scale of the cyberattack over the last three days since discovering the data breach.

The UK government has yet to name a suspected culprit. Former head of the National Cyber Security Centre (NCSC) Ciaran Martin said “there’s nothing unusual or untoward about the government not saying who they think is behind the breach at this stage” in a thread on X

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“If past form is a guide, bring allies on board before formally accusing another state (or criminal group)”, Martin added, a referring to former US Director of National Intelligence James Clapper’s allegations towards China over the 2015 OPM breach.

“Accuracy and allies are more important than speed”. 

Who is responsible for the MoD’s payroll contract?

UK Prime Minister Rishi Sunak, meanwhile, refused to blame China directly, but more broadly said he “set out a very robust policy towards China to protect ourselves against the risks that China, and other countries, pose to us”. 

Sunak’s spokesperson added that “in relation to the specific contractor involved in the incident, a security review of that contractor’s operations is under way and appropriate steps will be taken after that”. 

SSCL, a joint venture between the UK Cabinet Office and French tech company Sopra Steria, holds the overarching payroll contract for MoD payroll data.

SSCL is responsible for “delivering the MoD’s vision to transform core payroll, HR and pension services for 230,000 military personnel and reservists and 2 million veterans”, according to Sopra Steria’s website.

Labour’s Shadow Defence Secretary John Healey today (7 May) claimed that SSCL is the culpable contractor.

It remains unclear if Sopra Steria directly operates the payroll element of the SSCL contract or if it is overseen by a downstream contract.

Shapps, however, added that the breach was due to the “potential failings” of the contractor. 

Army Technology has approached Sopra Steria and SSCL regarding the reported attack and whether its systems were targeted.

UK Defence Secretary Grant Shapps arriving at Downing Street earlier today (7 May). Credit: Wiktor Szymanowicz / Getty.

While the attack seems to have followed the pattern of a typical supply chain breach, Sopra Steria has previously been targeted by the Ryuk ransomware variant.

In 2020, a Russia-linked ransomware attack was estimated to cost the Paris-headquartered company between $48m and $60m.

What does Beijing stand to gain?

Earlier today (7 May), Chinese Foreign Ministry spokesperson Lin Jian described the allegations as “absurd”, stating that Beijing “opposes all forms of cyberattacks”.

Potentially sensitive data on key MoD individuals is an invaluable asset for Beijing amid rising tensions between China and the US, the UK and other Western powers.

The allegations of state-sponsored cyber espionage come as Chinese President Xi Jinping visits Europe for the first time in five years.

Xi landed in France on Sunday (5 May) and has committed to “refrain from selling any weapons” to Russia – at least according to French President Emmanuel Macron.

The latest cyberattack also aligns with China’s capability in human intelligence.

Beijing’s Ministry of State Security has the widest reach of any global intelligence agency and has frequently used cyberattack strategies to sow doubt and gain leverage over rival states.

This payroll data breach is the latest in a series of alleged Chinese state-sponsored cyberattacks on UK.

In March, Deputy Prime Minister Oliver Dowden revealed two incidents, one involving a breach of the UK’s Electoral Commission and the other a series of targeted attacks on China-sceptic MPs.

Attention remains fixated on the MoD’s response to China’s alleged act of cyber warfare on a military and government institution. 

Updated to include UK Defence Secretary Grant Shapps’ comments.