UK government confirms Foreign Office cyber attack | Computer Weekly

UK government confirms Foreign Office cyber attack | Computer Weekly

Briefly

"The UK government has admitted that IT systems at the Foreign, Commonwealth and Development Office (FCDO) were hacked in October, but insists the attack had a "low risk" of personal data being compromised. During a round of broadcast interviews today (19 December 2025), trade minister Chris Bryant said it was "not clear" who perpetrated the attack, although the first report on the hack, revealed in The Sun, attributed it to a China-based threat actor known as Storm 1849."

"Users were told to replace any devices reaching end-of-life support, noting the significant risks that ageing or obsolete hardware can pose. Bryant said some of the reports about the FCDO hack were "speculation", but that the government had managed to "close the hole" quickly, and that security experts were confident there was a "low risk" of any individual being affected. The Sun report claimed hackers accessed confidential data and documents, possibly including thousands of visa details."

"The Storm 1849 attack campaign on Cisco equipment was dubbed ArcaneDoor, and targeted two zero-day vulnerabilities. One was a high-severity denial-of-service vulnerability capable of remote code execution; the other was a high-severity persistent local code execution vulnerability. While government IT systems always face scrutiny over cyber security, the hack will provide further fuel for critics of plans to introduce a national digital ID scheme, many of whom have already raised concerns about the potential risks of gathering citizen identity data."