Gigabytes of sensitive data related to British military and intelligence sites have been exposed by the infamous LockBit ransomware group.
Zaun, a Wolverhampton-based manufacturer of fencing systems, has revealed it was hit by a cyber-attack carried out by LockBit on August 5-6.
“In an otherwise up-to-date network, the breach occurred through a rogue Windows 7 PC that was running software for one of our manufacturing machines. Our own cyber security prevented the server from being encrypted. The machine has been removed and the vulnerability closed. We have been able to continue work as normal with no interruptions to service,” the company said in a statement published on September 1, 2023.
At the time of the attack, Zaun believed its cybersecurity solutions thwarted any transfer of data.
“However, we can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, potentially including some historic emails, orders, drawings and project files,” the statement continued.
LockBit claimed responsibility for this attack on August 13. The gang gave Zaun until August 29 to pay an undisclosed ransom – after which it published some data on their leak site.
Zaun Denied Claims of Sensitive Data Being Breached
Although Zaun said it does not believe that any classified documents were stored on the system or have been compromised, The Daily Mirror reported that the data released by LockBit included thousands of pages of data that could help criminals get into His Majesty's Naval Base, Clyde (HMNB Clyde) nuclear submarine base, the Porton Down chemical weapon lab and GCHQ’s communications complex in Bude, Cornwall.
It has also been reported that detailed drawings for perimeter fencing at Cawdor, a British Army site in Pembrokeshire, and a map highlighting installations at the site have been compromised. Additionally, documents relating to a string of jails, including Category A Long Lartin, Worcestershire, and Whitemoor, Cambridgeshire, were stolen in the raid.
“As such it is not considered that any additional advantage could be gained from any compromised data beyond that which could be ascertained by going to look at the sites from the public domain,” Zaun said.
The West Midlands Regional Cyber Crime Unit is aware of the attack and are currently conducting an investigation.
Concerns from Bipartisan Defence Committee
On August 3, Kevan Jones, a Labour MP and member of the Commons Defence Select Committee, warned: “This is potentially very damaging to the security of some of our most sensitive sites. The government needs to explain why this firm’s computer systems were so vulnerable. Any information which gives security arrangements to potential enemies is of huge concern.”
Tory MP Tobias Ellwood, who chairs the Defence Committee, also voiced his concerns. He asked: “How does this affect the ability of our defense establishments to continue functioning without the threat of attack? How do we better defend ourselves from Russian-backed interference, no doubt related to our stance in supporting Ukraine? Finally, this is another example of how conflict is no longer limited to the traditional battlefield; it now includes the digital domain and is placing ever greater demands on security apparatus.”
Zaun’s statement read: “The National Cyber Security Centre (NCSC) has been contacted and we are taking their advice on this matter. The ICO has been contacted as well with regard to the attack and data leak. Zaun is a manufacturer of fencing systems and not a government-approved security contractor. As a manufacturer of perimeter fencing, any member of the public can walk up to our fencing that has been installed at these sites and look at it.”
Zaun Limited and the UK Ministry of Defence were contacted by Infosecurity but did not respond to requests for comment.