Operation Silent Trader places you at the helm of the Cyber Security Response Team for the London Stock Exchange (LSE), defending one of the world’s largest financial institutions from a highly sophisticated cyberattack.
Your team must safeguard core electronic trading systems while adversaries attempt to manipulate market algorithms and exploit timing discrepancies for profit.
The stakes: continuity of operations, public trust, and the stability of international markets.
As the Cyber Security Response Team for the London Stock Exchange (LSE), you are responsible for identifying, containing, and remediating cyber threats affecting electronic trading platforms.
You operate in real time under market pressure, coordinating with operations, trading technology, legal and compliance teams, and UK regulators.
Originating in the late 17th century, the London Stock Exchange has evolved into one of the world’s most significant financial marketplaces, supporting trillions of pounds in market value.
Learn more via LSE’s Market Fundamentals .
The LSE operates within a strict UK regulatory framework governed by the FCA, Bank of England, and National Cyber Security Centre to preserve market integrity and confidence.
Electronic trading has transformed global markets through automation, low-latency networking, algorithmic execution, and regulated post-trade reporting.
Orders are generated by traders or algorithms, routed to venues based on price and liquidity, executed, then passed to clearing and settlement systems.
Each step presents an attack surface. Manipulation or delay can undermine market confidence and trigger regulatory breaches.
Financially motivated actors target credentials, deploy ransomware, or manipulate trading data for profit.
Strategically motivated threats aim to erode confidence through disruption, data corruption, or denial of service.
These threats often overlap, compounding operational and reputational risk.
Advanced Persistent Threats (APTs) are targeted, long-duration intrusions designed to stay hidden inside critical environments. For the LSE, the risk isn’t only “getting hacked” — it’s an attacker quietly learning systems, exploiting trust relationships, and choosing the moment to manipulate data, disrupt trading, or undermine confidence.
OSINT and supplier research to identify targets, access pathways, and weak links.
Credential theft, phishing, or exploitation of exposed services to gain a foothold.
Backdoors, hidden accounts, or command channels to ensure repeatable access.
Privilege escalation and movement toward high-value systems and identity controls.
Exfiltrate sensitive data, disrupt services, or manipulate trading-relevant information.
Redundancy in tooling and credentials to survive containment and remediation.
Log tampering and artefact cleanup to delay detection and complicate forensics.
Before you advance to the Mission Briefing please ensure: