Multiple rail stations across the UK have recently fallen victim to a cyberattack that has severely disrupted public Wi-Fi connectivity. Notable stations affected include Manchester Piccadilly, Birmingham New Street, and London Euston. Reports indicate that the attack began on Wednesday evening and continued into Thursday afternoon, with some stations still experiencing connectivity issues at the time of writing.
According to the Manchester Evening News, users attempting to connect to the compromised network were redirected to a peculiar webpage that displayed messages such as “We Love You, Europe,” alongside statements referencing terrorist attacks that have occurred in the UK and Europe. This alarming content suggests the attack had both a disruptive and a propagandistic motive. Notably, this incident follows a recent ransomware attack by the CLOP ransomware gang on Transport for London (TfL), which is still in the recovery phase from that breach.
Further investigation revealed that the networks managed by Network Rail, specifically the technology services provider Telent, were infiltrated by what is believed to be a state-sponsored threat actor. Telent is responsible for providing digital infrastructure and Wi-Fi services to various rail stations across Britain. As a result of the attack, approximately 19 major railway stations experienced significant disruptions, inconveniencing thousands of commuters and travelers who depend on reliable internet access for work or to stay connected with family and friends during their journeys.
The impacted stations include:
a.) Bristol Temple Meads
b.) Birmingham New Street
c.) Clapham Junction
d.) Edinburgh Waverley
e.) Glasgow Central
f.) Guildford
g.) Leeds City
h.) Liverpool Lime Street
i.) London Bridge
j.) London Cannon Street
k.) London Charing Cross
l.) London Euston
m.) London King’s Cross
n.) London Liverpool Street
o.) London Paddington
p.) London Victoria
q.) London Waterloo
r.) Manchester Piccadilly
s.) Reading
In response to this troubling situation, the British Transport Police, in collaboration with the National Cyber Security Centre (NCSC)—the cybersecurity arm of GCHQ—has initiated a comprehensive investigation to identify the perpetrators behind this attack. A forensic team has been deployed to assess the breach and implement measures to mitigate any potential risks stemming from the incident.
As the investigation unfolds, it underscores the pressing need for enhanced cybersecurity measures in critical infrastructure sectors, particularly as cyber threats continue to evolve and pose significant risks to public services.
On September 27, 2024, the British Transport Police arrested an employee (name withheld) of Global Reach Technology, which provided Wi-Fi services to Network Rail.