UK authorities confirms International Workplace cyber assault
The UK authorities has admitted that IT methods on the International, Commonwealth and Improvement Workplace (FCDO) had been hacked in October, however insists the assault had a “low danger” of private knowledge being compromised.
Throughout a spherical of broadcast interviews at present (19 December 2025), commerce minister Chris Bryant stated it was “not clear” who perpetrated the assault, though the primary report on the hack, revealed in The Solar, attributed it to a China-based menace actor generally known as Storm 1849.
The identical group was blamed for focusing on vulnerabilities in Cisco gear that led to a Nationwide Cyber Safety Centre (NCSC) warning in September for organisations utilizing Cisco’s Adaptive Safety Equipment household of unified menace administration methods. Customers had been advised to interchange any units reaching end-of-life help, noting the numerous dangers that ageing or out of date {hardware} can pose.
Bryant stated among the reviews in regards to the FCDO hack had been “hypothesis”, however that the federal government had managed to “shut the opening” shortly, and that safety specialists had been assured there was a “low danger” of any particular person being affected. The Solar report claimed hackers accessed confidential knowledge and paperwork, probably together with 1000’s of visa particulars.
The Storm 1849 assault marketing campaign on Cisco gear was dubbed ArcaneDoor, and focused two zero-day vulnerabilities. One was a high-severity denial-of-service vulnerability able to distant code execution; the opposite was a high-severity persistent native code execution vulnerability.
Whereas authorities IT methods all the time face scrutiny over cyber safety, the hack will present additional gasoline for critics of plans to introduce a nationwide digital ID scheme, lots of whom have already raised issues in regards to the potential dangers of gathering citizen identification knowledge.
The event additionally comes a day after ITV Information broadcast a report on the cyber safety points present in One Login – the federal government single sign-on system that will probably be on the coronary heart of the digital ID plan – which had been first revealed by Pc Weekly in April.
Damaging 12 months
2025 has been a notably damaging 12 months for cyber assaults, with high-profile ransomware campaigns affecting Jaguar Land Rover (JLR), the Co-op and Marks & Spencer.
The Workplace for Nationwide Statistics attributed a November decline within the UK’s financial system partly to the influence of the JLR assault, which stopped automobile manufacturing on the producer and had a knock-on influence throughout the automotive provide chain.
Final month, 4 London councils – Kensington and Chelsea; Hackney; Westminster; and Hammersmith and Fulham – suffered cyber assaults, disrupting providers and prompting an NCSC investigation. Westminster has since admitted that probably delicate knowledge was copied from its methods through the hack. Three of the native authorities function a shared IT service.
