Staff at the Northern Ireland Assembly were asked to change their passwords urgently after the IT security team discovered a brute-force cyber attack carried out by external actors in an attempt to access the parliament’s email system.
According to the Belfast Telegraph, the Assembly IT office issued a guidance to the entire staff after it observed that hackers had used a large number of password combinations to break into the Assembly’s email system. Employees were reportedly asked not to keep simple and easily-guessable passwords in order to ensure their accounts aren’t breached.
“The Assembly Commission’s IT system has been subjected to unauthorised attempts to access email accounts. We are taking all necessary steps to manage and mitigate this and are working with the appropriate authorities, both locally and nationally.
“The Assembly takes the security of its IT systems very seriously and strives continually to ensure that all systems are secure. The Commission does not wish to comment any further at this stage,” an Assembly spokesman told the Belfast Telegraph.
According to the BBC, the hackers managed to break into a number of email accounts but these were later disabled by the Assembly’s IT security team. The team is now working with the NCSC as well as with Microsoft to investigate the hacking incident.
A similar attack on Holyrood
A similar brute-force cyber attack to breach email accounts was launched last year on the Scottish Parliament, commonly known as Holyrood. Hackers behind the operation also used a number of password combinations to exploit weak passwords associated with email accounts of Holyrood officials.
Even though none of the email accounts were compromised, several were locked out following multiple login attempts by the suspected hackers.
“The parliament’s monitoring systems have identified that we are currently the subject of a brute force cyber-attack from external sources. This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed log-ins,” said Sir Paul Grice, chief executive of the Scottish Parliament.
According to the Sunday Herald, a number of Scottish parliamentarians, as well as Holyrood officials, later suspected China of being behind the cyber attack in August. However, Holyrood neither backed their assertions officially nor did it name China in any of its statements.
‘We can see which countries across Europe and further afield the attack was routed through, but that doesn’t confirm the place of origin. We won’t list those countries through which the attack was routed but we are liaising with the National Cyber Security Centre,’ said a Scottish Parliament spokesperson.