The UK National Cyber Security Centre (NCSC) has revealed details of the first cyberattack perpetrated against the UK government by another state. The rare insight marks the 20th anniversary of a malware attack on a government department that was identified by GCHQ’s Communications-Electronics Security Group (CESG) as state-sponsored cyber espionage. The response acted as the forerunner to a capability that became the NCSC, which was launched in 2016.

Today, state-sponsored cyber campaigns against other nations are common, particularly during periods of conflict and political unrest. The current Russia-Ukraine conflict is a prime example. Microsoft’s latest nation-state cybersecurity intelligence report revealed a wave of cyberattacks from an actor it calls “Cadet Blizzard” associated with the Russian GRU. These attacks, which began in February 2023, target government agencies and IT service providers in Ukraine. It also revealed “Cadet Blizzard” as a new Russian state-sponsored threat actor that targeted Ukraine before the Russian invasion began, likely in an attempt to weaken infrastructure ahead of the assault.

GCHQ fused intelligence capabilities with cybersecurity function for the first time

In June 2003, cyber experts were called upon to investigate after a government employee detected suspicious activity on one of their workstations, the NCSC wrote in a blog. At the time, there was no government agency set up to deal with cyberattacks, nor was there a dedicated national incident management function. A suspected phishing email was identified, so technical specialists sought help from the CESG – the information assurance arm of GCHQ at that time.

“CESG’s analysis discovered that malware, designed to steal sensitive data and evade anti-virus products, had been installed, raising suspicions about the attacker’s intent and setting in motion a series of actions that was transformative to cyber incident investigations,” the NCSC said. For the first time, GCHQ fused its signals intelligence capabilities with its cybersecurity function to investigate and identify the actor responsible.

The ground-breaking analysis, coupled with international engagement, led CESG to conclude the intent of the attack had been cyber espionage by a nation-state, setting in train a mission that today is at the heart of NCSC operations, namely understanding and responding to cyber threats to the UK.

Incident reflected a crossing of the threshold in the cyberattack arena

“Twenty years ago, we were just crossing the threshold of the cyberattack arena, and this incident marked the first time that GCHQ was involved in a response to an incident affecting the UK government,” said Paul Chichester, director of operations at the NCSC. “It was also the first time that the UK and Europe started to understand the potential online risks we faced and our response transformed how we investigate and defend against such attacks.”

The NCSC and its allies have come such a long way since this incident, and it is reassuring to be at the forefront of efforts to develop tools and techniques to defend against cyber threats and keep our respective nations safe online, he added.