[BreachExchange] Gloucester Council cyber attack linked to Russian hackers

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Wed Jan 19 13:52:39 EST 2022 

https://www.bbc.com/news/uk-england-gloucestershire-60045060

A cyber attack which has knocked out parts of a council website has been
linked to the work of Russian hackers.

Gloucester City Council became aware that its IT systems had been affected
on 20 December last year.

Since then, the council's online revenue and benefits, planning and
customer services have been affected.

The council has been working with the National Crime Agency and the
National Cyber Security Centre to understand more about the attack.

Gloucester City Council said its sources, who do not wish to be named,
allege the cyber attack was carried out by hackers from Russia.

According to the Local Democracy Reporting Service, the malware made its
way into the local authority's system embedded in an email which had been
sent to a council officer.

The harmful software, known as sleeper malware, is understood to have been
dormant for some time before it was activated.

Other local authorities and government agencies are currently blocking the
council's emails.

Online application forms used to claim for housing benefit, council tax
support, test and trace support payments, discretionary housing payments
and several other services have been delayed or are unavailable.

Residents have been asked to contact the council via email instead.

'Resolve and rebuild'
Lib Dem councillor Jeremy Hilton said benefits and council staff will still
be paid.

"This is the second time, in ten years, that this has happened," he added.

Labour group leader Terry Pullen said: "What worries me most is that there
seems to be no indication as to when IT systems will return to normal.

"A cyber incident like this is likely to incur considerable extra costs and
considering the continual budget cuts to city council services it is far
from clear how this will be paid for."

Council leader Richard Cook said the local authority was doing everything
it can to "address the situation as quickly as possible".

The council has warned the problem could take up to six months to resolve
as affected servers and systems need to be rebuilt.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220119/840f9d6d/attachment.html>

More information about the BreachExchange mailing list