Bloomberg is reporting the United Kingdom publicly announced its first major government-backed cyber attack, conducted in 2017, targeted Islamic State:
Jeremy Fleming, the director of GCHQ, which is better known for its communications interception work, said his agency had worked with the Ministry of Defence to make “a significant contribution to coalition efforts” against the al-Qaeda splinter group. He said that as well as making it “almost impossible” for the group to spread its message, the attack had protected forces on the battlefield.
“This is the first time the U.K. has systematically and persistently degraded an
adversary’s online efforts as part of a wider military campaign,” Fleming told a cybersecurity conference in Manchester, England, “Did it work? I think it did.”
He said other operations might “look to deny service, disrupt a specific online activity, deter an individual or a group, or perhaps destroy equipment and networks.”
Notice the qualifying “as part of a wider military campaign” added to the statement? What this likely means is this attack against Islamic State is not the first time the UK has conducted cyber attacks, but one in which a cyber attack was only one aspect of a multi-faceted, multi-domain operation.
There is no doubt the UK has conducted previous cyber attacks. Although the nation has never publicly proclaimed so, the country is one of the stronger purveyors of cyber capabilities, and absolutely leverages them when necessary. Since the inception of the UK NCSC, which is part of the GCHQ, this operation was likely the first time the organization worked in tandem with the Ministry of Defence for this strategic opportunity.