Overview

• Reports say hundreds of documents tied to eight RAF and Royal Navy sites have been posted on the dark web, including material marked 'Controlled' and 'Official Sensitive'.
• The intrusion was routed through the Dodd Group, a maintenance and construction contractor to the Ministry of Defence, in a supply-chain attack.
• Officials say they are actively investigating, as the Dodd Group states that limited data was taken and that its systems have been secured and recovered.
• Coverage attributes the operation to the Russian cybercriminal group Lynx, which is linked to staged releases of the stolen material.
• Timeline reporting indicates the network was breached on September 23, with attackers claiming to have exfiltrated roughly 4TB and publishing two of four planned data dumps, including files related to RAF Lakenheath and RAF Mildenhall where US assets are based.