Britain’s signals intelligence agency suffered a cyber-espionage breach at the hands of a state actor two decades ago, the National Cyber Security Centre (NCSC) has revealed.
Cyber experts from information assurance authority the Communications-Electronics Security Group (CESG) were apparently called to investigate after an employee discovered suspicious activity on a workstation.
Read more on UK cyber intelligence: GCHQ Ramps Up Intelligence Sharing with UK Firms
Subsequent analysis revealed that malware designed to steal data and bypass anti-virus protections had been installed on the machine via a phishing email. The June 2003 incident was the first time GCHQ combined signals intelligence with cybersecurity to identify the threat actor and conclude that cyber-espionage had been their intent.
The NCSC claimed this was a groundbreaking incident which kickstarted GCHQ’s cyber-threat response activities.
GCHQ offshoot the NCSC picked up responsibility for these when it was launched in 2016, combining expertise from CESG, the Centre for Cyber Assessment, CERT-UK and the Centre for Protection of National Infrastructure, subsequently renamed the National Protective Security Authority.
“Twenty years ago, we were just crossing the threshold of the cyber-attack arena, and this incident marked the first time that GCHQ was involved in a response to an incident affecting the UK government,” explained NCSC director of operations, Paul Chichester.
“It was also the first time that the UK and Europe started to understand the potential online risks we faced and our response transformed how we investigate and defend against such attacks. The NCSC and our allies have come such a long way since this incident, and it is reassuring to be at the forefront of efforts to develop tools and techniques to defend against cyber-threats and keep our respective nations safe online.”