Russian-aligned threat actors have reportedly hit the UK’s Ministry of Defence (MoD) and leaked security information on military and intelligence sites online. Hackers targeted the database of Zaun, a firm which handles physical security for some of Britain’s most secretive locations including a nuclear submarine base, a chemical weapon lab, and a GCHQ listening post, according to The Mirror. They released thousands of pages of data which could include highly sensitive national security details, with information about high-security prisons also stolen in the raid by notorious ransomware group LockBit, the news report said.
Attack “very damaging” to security of UK’s most sensitive sites
“On 5th – 6th August, Zaun was subjected to a sophisticated cyberattack on our IT network by the LockBit ransom group,” read a statement on the company’s website. “Our own cybersecurity prevented the server from being encrypted. We have been able to continue work as normal with no interruptions to service.”
The breach occurred through a rogue Windows 7 PC that was running software for one of the firm’s manufacturing machines. “The machine has been removed and the vulnerability closed,” it added. “We can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, 0.74% of our stored data.”
LockBit will have potentially gained access to some historic emails, orders, drawings, and project files, the statement continued, although Zaun “does believe that any classified documents were stored on the system” or have been compromised. The UK National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) have been contacted with regard to the attack and data leak.
“This is potentially very damaging to the security of some of our most sensitive sites,” said Kevan Jones, a Labour MP who sits on the Commons Defence Select Committee. “The government needs to explain why this firm’s computer systems were so vulnerable. Any information which gives security arrangements to potential enemies is of huge concern.”
Conflicts expand to digital domain, place greater demands on security apparatus
The incident is an example of how physical conflict (specifically the ongoing war between Russia and Ukraine) is no longer limited to the traditional battlefield – expanding to the digital domain and placing ever greater demands on security apparatus, commented Tory MP Tobias Ellwood, chair of the defence committee. “How do we better defend ourselves from Russian-backed interference no doubt related to our stance in supporting Ukraine?” he asked.
In April, the UK National Cyber Security Centre (NCSC) issued an alert to UK critical national infrastructure (CNI) organisations warning of an emerging threat from state-aligned groups, particularly those sympathetic to Russia’s invasion of Ukraine. The alert stated that newly emerged groups could launch “destructive and disruptive attacks” with less predictable consequences than those of traditional cybercriminals, with CNI organisations strongly encouraged to follow NCSC advice on steps to take when cyber threat is heightened.