It is not quite accurate to say that the cyber-attack against the British Library took place on 28 October 2023. Most probably, Rhysida, the hacker gang that orchestrated the attack and is thought to be Russian, had already been creeping undetected through the digital territories of the British Library for months, Enrico Mariconti, a lecturer in security and crime science at UCL, told me.
Once it broke through to the library’s virtual private network (VPN) – the remote connection that allows employees to access its network from any location – it could in theory start making its way through locked door after locked door of the library’s many online systems, trawling until it discovered emails and documents containing details such as employees’ passport scans and work contracts. It hoped these documents might tempt a single bidder to pay 20 bitcoins (about £600,000) for privileged access to all that personal information.
Source: The Guardian