Russia-linked attackers hit UK Ministry of Defence, leak stolen data (2024)

by Michael Hill

UK Editor

News

04 Sep 2023, 4 mins

Cyberattacks, Data Breach

Report claims the LockBit ransomware group has published vast amounts of stolen information on the dark web.

Credit: Metamorworks / Morrison1977 / Getty Images

Russian-aligned threat actors have reportedly hit the UK’s Ministry of Defence (MoD) and leaked stolen information on military and intelligence sites online. Hackers targeted the database of Zaun, a firm which handles physical security for some of Britain’s most secretive locations including a nuclear submarine base, a chemical weapon lab, and a GCHQ listening post, according to The Mirror. They released thousands of pages of data which could include highly sensitive national security details, with information about high-security prisons also stolen in the raid by notorious ransomware group LockBit, the news report said.

Attack could be “very damaging” to security of UK’s most sensitive sites

“On 5th – 6th August, Zaun was subjected to a sophisticated cyberattack on our IT network by the LockBit ransom group,” read a statement on the company’s website. “Our own cybersecurity prevented the server from being encrypted. We have been able to continue work as normal with no interruptions to service.”

The breach occurred through a rogue Windows 7 PC that was running software for one of the firm’s manufacturing machines. “The machine has been removed and the vulnerability closed,” it added. “We can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, 0.74% of our stored data.”

LockBit will have potentially gained access to some historic emails, orders, drawings, and project files, the statement continued, although Zaun “does believe that any classified documents were stored on the system” or have been compromised. The UK National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) have been contacted with regard to the attack and data leak.

“This is potentially very damaging to the security of some of our most sensitive sites,” said Kevan Jones, a Labour MP who sits on the Commons Defence Select Committee. “The government needs to explain why this firm’s computer systems were so vulnerable. Any information which gives security arrangements to potential enemies is of huge concern.”

Attack “out of form” for LockBit group

The attack targeting Zaun does indeed have the potential for high impact given the sensitivity of the reported breached data, Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest, tells CSO. “This incident highlights the importance of understanding the security posture of suppliers, with third parties often targeted as a conduit to facilitate an intrusion into additional networks.”

The attack appears somewhat out of form for the LockBit ransomware group which, despite being the most active ransomware group for several years, commonly avoids targeting sensitive organizations or those that may unduly increase law enforcement attention on and media exposure to the group’s activities, Morgan says. “It is realistically possible that LockBit was initially unaware of the full ramifications of who it was targeting, and the type of data that was available. This has been seen several times by ransomware groups, including the Darkside group targeting US fuel provider Colonial Pipeline, and Conti impacting jewellery provider Graff.”

Conflicts expand to digital domain, place greater demands on security

The incident is an example of how physical conflict (specifically the ongoing war between Russia and Ukraine) is no longer limited to the traditional battlefield – expanding to the digital domain and placing ever greater demands on security apparatus, commented Tory MP Tobias Ellwood, chair of the defence committee. “How do we better defend ourselves from Russian-backed interference no doubt related to our stance in supporting Ukraine?” he asked.

In April, the UK National Cyber Security Centre (NCSC) issued an alert to UK critical national infrastructure (CNI) organisations warning of an emerging threat from state-aligned groups, particularly those sympathetic to Russia’s invasion of Ukraine. The alert stated that newly emerged groups could launch “destructive and disruptive attacks” with less predictable consequences than those of traditional cybercriminals, with CNI organisations strongly encouraged to follow NCSC advice on steps to take when cyber threat is heightened.


Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.
