Subscribe
subscribe customer help contact us faq advertise with us

Europe

UK probes possible Russia-linked hack that exposed files on US military bases

By
Stars and Stripes
A hand on a touchpad on a computer keyboard.

The British defense ministry is investigating the theft of sensitive military documents in a hacker attack on U.K. bases, including RAF Lakenheath and RAF Mildenhall, where U.S. forces are stationed. (Sarah Post/U.S. Air Force)

British defense officials are investigating whether hackers stole hundreds of sensitive military documents containing details of eight bases in the country, including two used by the U.S. military, and posted them on the dark web.

The U.K. defense ministry confirmed the probe to Stars and Stripes on Monday in a statement, which provided no further comment.

The files contained information on RAF Lakenheath and RAF Mildenhall, the two largest bases used by the U.S. military in the U.K. and home to thousands of American personnel and their families, according to a report over the weekend by British newspaper the Mail on Sunday.

U.S. Air Force representatives at Lakenheath and Mildenhall did not immediately respond to a request for comment.

The Russian group Lynx is thought to be responsible for the hack, the Mail on Sunday reported. The disclosure comes as Western intelligence agencies warn of increasing Russian cybercrime and espionage activity targeting NATO infrastructure.

British and U.S. officials have repeatedly accused Russia-linked hackers of probing allied defense contractors and attempting to disrupt logistics and communications networks that support Kyiv.

Some of the stolen files related to construction work at Lakenheath by the company Kier, the paper said. Kier, as part of a joint venture, was contracted in 2018 to deliver major infrastructure upgrades at the base related to U.S. F-35 operations, the government said at the time.

RAF Lakenheath is home to U.S. Air Force F-35 squadrons, while nearby RAF Mildenhall hosts aerial refueling and special operations units.

RAF Portreath, a radar station that forms part of NATO’s air defense network, and RAF Predannack, home to the U.K.’s National Drone Hub, were also targeted, along with RAF St. Mawgan, HMS Raleigh, HMS Drake and RNAS Culdrose, according to the report.

Other documents compromised in the breach reportedly included visitor records at other bases, contractor and personnel contact details, and internal security guidance that could be exploited in phishing attacks, the Mail on Sunday reported.

Names, cellphone numbers, vehicle registrations and email addresses were also said to have been posted to the dark web, a hidden part of the internet accessible only through specialized software, according to the newspaper.

Intruders accessed the files by hacking a maintenance and construction company employed by the ministry, allowing them to bypass the British military’s cyberdefenses, the report added.

A spokesperson for Dodd Group told the BBC that it had experienced a ransomware incident in which an unauthorized third party gained temporary access to part of its internal systems.

Dodd is a British engineering and property services company whose work includes the defense sector

The reported hacking follows a series of high-profile data breaches at the U.K.’s defense ministry, underscoring ongoing challenges in securing military contractors’ networks.

In August, it was revealed that thousands of Afghans fleeing their country for Britain had their personal data exposed after a ministry subcontractor suffered a breach.

author picture
Phillip is a reporter and photographer for Stars and Stripes, based in Kaiserslautern, Germany. From 2016 to 2021, he covered the war in Afghanistan from Stripes’ Kabul bureau. He is a graduate of the London School of Economics.

Sign Up for Daily Headlines

Sign up to receive a daily email of today's top military news stories from Stars and Stripes and top news outlets from around the world.

Sign Up Now