Defence

While routine security and resilience measures are primarily handled by the Ministry of Defence and industry partners, the sheer scale and growing intensity of hybrid activities by adversarial states demand a unified national strategy that includes:

• Raising awareness of the hybrid threats facing our defence sector

• Increasing defence budgets and innovation funding

• Fostering closer collaboration across industry, government and the public

The Resilience Imperative seeks to strengthen the UK's national response to hybrid threats by enhancing public awareness, advocating for essential defence and security investments, and promoting sector-wide engagement. Through structured analysis, industry collaboration, and targeted public outreach, it fosters a whole-of-society approach that complements government efforts. Ultimately, it aims to elevate security and resilience as a top public priority, cultivating informed support for strategic investments and public buy-in for the vital need to protect our defence sector.

Why Your Support Matters

Resilience empowers defence companies to prepare for, absorb, and rebound from a spectrum of disruptions. For the UK, cultivating multifaceted resilience represents a strategic imperative to build genuine national security and sustain competitive advantage.

By becoming a corporate member of The Resilience Imperative, your organisation will help advance our mission, strengthening the national security posture from which your operations benefit, while accessing the following strategic value:

• Insight and Forecasting: members will receive fortnightly resilience and hybrid threat reports delivering structured, sector-specific analysis alongside macro-level assessments of the UK threat environment, through our relationship with Sibylline. This reporting aims to improve awareness and inform resilience planning.

• Leadership Forum and Strategic Dialogue: Participate in senior-level forums and cross-sector engagement through our relationship with Resilience First, to foster strategic dialogue and share best practice to assist with benchmarking exercises.

• Unlock innovative talent: we will share with you examples of defence sector innovations through our thought-leading network.

• National Security Leadership: demonstrate your organisation’s active contribution to strengthening UK national resilience and security. By supporting this initiative, you signal to government, industry peers and the public that your organisation recognises the increasing threats and is committed to safeguarding the infrastructure and defence capabilities upon which the UK economy and wider society depends.

Hybrid Threats: Specific Case Studies

Below are examples from the UK and also from elsewhere in Europe, as a likely foreshadowing of what attacks the UK can anticipate:

• Sabotaging a UK Aerospace Supplier - in January 2026, pro-Palestine activists vandalised the Bruntons Aero Products facility in Musselburgh, Scotland, damaging machinery, internal servers and office equipment. Bruntons operates within the UK aerospace supply chain and was reportedly targeted due to alleged links to Leonardo, a defence prime contractor involved in the F-35 programme. The incident followed similar attacks on defence-related facilities in Edinburgh and Glasgow in late 2025. The attack underscored the vulnerability of lower-tier suppliers within the UK defence industrial base and the potential for significant operational disruption.

• Targeting Drone Manufacturers - in October 2025 the North Korean Lazarus APT group targeted three European defence companies involved in drone component manufacturing. The attackers conducted a social engineering campaign using spoofed job offers to deliver a remote access trojan to employees. The incident highlights recruitment processes as a growing vulnerability within the defence sector.

• Breach of UK Ministry of Defence Contractor - in October 2025, the Russian cybercrime group Lynx breached Dodd Group, exfiltrating 4TB of data. The compromised material reportedly included sensitive documentation relating to eight RAF and Royal Navy bases, as well as visitor logs, staff details, security guidance and construction records. Around 1,000 documents were leaked online following a ransomware deployment.

• Targeting Western Logistics and Technology Organisations - in May 2025, the UK’s National Cyber Security Centre (NCSC), alongside international partners, exposed a sustained malicious cyber campaign conducted by Russia’s GRU Unit 26165 (also known as APT28). Since 2022, the group has targeted public and private organisations across NATO member states, particularly those involved in the coordination, transport and delivery of assistance to Ukraine. Sectors affected included defence, IT services, maritime logistics, airports, ports and air traffic management systems.

• Remote Worker Infiltration - in April 2025, North Korean cyber actors expanded infiltration operations targeting European defence and government organisations by posing as remote IT workers. Using falsified identities, they secured employment to gain legitimate network access, enabling espionage, data exfiltration and, in some cases, extortion against former employers. This tactic reflects a shift toward insider-style access through exploitation of remote work structures, complicating detection and expanding the threat surface beyond traditional external network intrusions.

• Payroll Data Breach - in May 2024, Chinese-linked hackers compromised a third-party contractor responsible for UK Ministry of Defence payroll services. The breach exposed personal and banking information of current and former armed forces personnel. The case illustrates how outsourced administrative systems can create indirect but significant national security vulnerabilities, particularly where service personnel data may be exploited for coercion or targeted social engineering.