Russian-aligned threat actors have reportedly hit the UK’s Ministry of Defence (MoD) and leaked stolen information on military and intelligence sites online. Hackers targeted the database of Zaun, a firm which handles physical security for some of Britain’s most secretive locations including a nuclear submarine base, a chemical weapon lab, and a GCHQ listening post, according to The Mirror. They released thousands of pages of data which could include highly sensitive national security details, with information about high-security prisons also stolen in the raid by notorious ransomware group LockBit, the news report said.
Attack could be “very damaging” to security of UK’s most sensitive sites
“On 5th – 6th August, Zaun was subjected to a sophisticated cyberattack on our IT network by the LockBit ransom group,” read a statement on the company’s website. “Our own cybersecurity prevented the server from being encrypted. We have been able to continue work as normal with no interruptions to service.”
The breach occurred through a rogue Windows 7 PC that was running software for one of the firm’s manufacturing machines. “The machine has been removed and the vulnerability closed,” it added. “We can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, 0.74% of our stored data.”
LockBit will have potentially gained access to some historic emails, orders, drawings, and project files, the statement continued, although Zaun “does believe that any classified documents were stored on the system” or have been compromised. The UK National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) have been contacted with regards to the attack and data leak.
“This is potentially very damaging to the security of some of our most sensitive sites,” said Kevan Jones, a Labour MP who sits on the Commons Defence Select Committee. “The government needs to explain why this firm’s computer systems were so vulnerable. Any information which gives security arrangements to potential enemies is of huge concern.”
Attack “out of form” for LockBit group
The attack targeting Zaun does indeed have the potential for high impact given the sensitivity of the reported breached data, Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest, tells CSO. “This incident highlights the importance of understanding the security posture of suppliers, with third parties often targeted as a conduit to facilitate an intrusion into additional networks.”