The Scottish Parliament was hit by an alleged nation-state cyberattack targeting MPs’ email accounts on Tuesday, closely resembling the brute force attack on computer systems at Westminster in June, The Guardian writes.
In an internal bulletin from Holyrood Chief Executive Sir Paul Grice, MPs and Holyrood staff were warned about the attack and told that hackers were trying to crack their passwords to access their email accounts. Some accounts were locked for safety purposes.
“The parliament’s monitoring systems have identified that we are currently the subject of a brute force cyber-attack from external sources,” wrote Grice.
“This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed log-ins.”
“The parliament’s robust cybersecurity measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational.”
An internal investigation by IT staff found many email accounts used weak, easy-to-break passwords through accessible software. Employees were urged to immediately update their passwords and use strong combinations of letters and numbers.
Like the attack on Westminster, when 90 accounts were compromised, the attack on the Scottish Parliament is said to have been launched by either Russia or North Korea. However, sources say the Russian government is more likely to have been involved, following its links to political cyberattacks in France and the US.