The Foreign Office was the target of a “serious” cyberattack last month that was deemed so severe that officials had to seek outside help.
According to a public tender announcement, the department paid the cybersecurity contractor BAE Systems Applied Intelligence nearly £470,000 to tackle the “unforeseeable” problem.
Details are top secret, although Britain’s intelligence agencies have warned that government departments should be braced for cyberattacks from Russia amid tensions over troops near Ukraine’s border.
It is not clear whether the attack was launched by a state or cybercriminals, or whether the government knows the source. Normally the UK government attributes cyberattacks to states when it has enough information to do so.
The tender document said that the department was the target of a “serious cybersecurity incident, details of which cannot be disclosed”. Rapid help was needed and the department said that the contract was awarded “due to the urgency and criticality of the work”.
It was awarded without prior publication of a call for competition because of the “extreme urgency brought about by events unforeseeable for the contracting authority”, it continued.
The Foreign, Commonwealth & Development Office (FCDO) paid £467,325.60 for its assistance after issuing a contract for “business analyst and technical architect support to analyse an authority cyber security incident” that concluded January 12 2022.
The department employs more than 17,000 staff, including 280 overseas embassies and high commissions.
On Friday it emerged News Corp and other media outlets appeared to have been the target of “persistent nation-state attack activity”, believed to be linked to China.
The attack, discovered on January 20, included the targeting of emails and documents of some employees, including journalists. It also affected the company’s US news operations, including the publications The Wall Street Journal and New York Post.
In a cyber alert to News Corp staff, David Kline, chief technology officer, and Billy O’Brien, chief information security officer, said preliminary analysis indicated foreign government involvement may be associated with the activity and that some data was taken.
Last month the National Cyber Security Centre (NCSC), a part of GCHQ, issued a warning to organisations and companies to step up their cyber defences to “stay ahead of potential threat” facing the country.
The alert was in response to recent “malicious cyber incidents in Ukraine”, including a major attack against government websites and the discovery of destructive malware in Ukrainian systems.
Paul Chichester, the director of operations at the NCSC, said the UK had observed a pattern of Russian behaviour over several years and the incidents in Ukraine “bear the hallmarks of similar Russian activity we have observed before”.
In addition, Microsoft previously said it had observed destructive malware in systems belonging to several Ukrainian government agencies and organisations that worked closely with the government.
The malware was disguised as ransomware and if activated by the attacker it would render the infected computer system inoperable.
Hundreds of thousands of British Council students have also had their personal and login details exposed in a data breach.
An FCDO spokesperson said: “We do not comment on security but have systems in place to detect and defend against potential cyber incidents.”
