Gavin Knapp, cyber threat intelligence lead at Bridewell, a supplier to the UK government's critical national infrastructure, endorsed the severity of this approach. He said, “It’s like when a device is compromised: the only way to truly be sure there are no remnants or unidentified backdoors is to restore the asset to a known good state. In the physical realm, in particular a data centre, to sweep and verify there is no enduring threat actor or spy presence is much more difficult, and at a state secrets level the required effort to treat or terminate the risk requires a huge amount of effort and cost to bring risks down to an acceptable level.”
While it’s not clear exactly how the data hub had been compromised, Martin Riley, CTO at Bridewell, said, “The main point of entry may have been a VPN, as is common with Chinese actors, but if they have already moved across the environment and escalated privileges, then the impact would be wider.”
Riley noted that when the government said it had discovered another way to protect the data, it was likely that it had patched a vulnerability “after performing incident response to understand the breadth of the breach and how it was initially accessed.”