LockBit Hacked British Military Data 

Uploaded on 2023-09-06 in TECHNOLOGY--Hackers, GOVERNMENT-Defence, FREE TO VIEW

More details are emerging of the recent supply chain attack on the British Ministry of Defence (MoD) in whch a norious Russian hacking group known as LockBit have successfully hacked and accessed gigabytes of sensitive data related to British military and intelligence sites. 

The hackers reportedly targeted Zaun, a manufacturer provider of metal fences for military applications at maximum security sites.

According to the company, LockBit breached a heavily outdtated Windows 7 computer that was running software for one of its manufacturing machines. “In an otherwise up-to-date network, the breach occurred through a rogue Windows 7 PC that was running software for one of our manufacturing machines. Our own cyber security prevented the server from being encrypted. The machine has been removed and the vulnerability closed. We have been able to continue work as normal with no interruptions to service,” the company said in a statement.

Microsoft made a commitment to provide 10 years of product support for Windows 7 when it was released on October 22, 2009 and  Windows 7 support ended on January 14, 2020

"We can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, 0.74% of our stored data."

The Wolverhampton-based Zaun, said it believed that no classified information was downloaded, however reports indicated that attackers were able to obtain data that could be used to gain access to some of the UK's most sensitive military and research sites.

The LockBit Ransom group conducted the attack on the company's network and exfiltrated 10GB of data. The company has admittedd that the attack might have reached its server beyond the Windows 7 entry point. “Zaun was subjected to a sophisticated cyberattack on our IT network by the LockBit ransom group," read Zaun’s company statement on its website. "Our own cyber security prevented the server from being encrypted. We have been able to continue work as normal with no interruptions to service."

The  obsolete Windows 7 PC that was running software for one of the firm's manufacturing machines has been removed and the vulnerability closed, according to Zaun.

Members of the British Parliament warned that any sensitive security information could be transferred to UK enemies, creating a “huge concern” for the country. A source from the defense industry said the issue is now being taken “very seriously,” but assured that there is no indication that the stolen data presents a real threat to national security.

Zaun:     Microsft:    The Register:   The Defense Post:      CSO Online:   Infosecurity Magazine

Image: Public Domain

You Might Also Read: 

Legacy Technology is Undermining How Business Responds To Ransomware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« How To Check If A Link Is Safe
Establishing A Digital Immune System »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

CCL Solutions Group

CCL Solutions Group

CCL is one of Europe’s leading digital investigation specialists, supporting law enforcement, government and organisations across both public and private sectors.

Eustema

Eustema

Eustema designs and manages ICT solutions for medium and large organizations.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

GraVoc

GraVoc

GraVoc is a technology-consulting firm committed to solving business problems for customers through the development, implementation, & support of technology-based solutions.

The Cyber Security Expert

The Cyber Security Expert

The Cyber Security Expert delivers cyber security consultancy, website and cloud security monitoring services, and specialist training services.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI) is recognized as Thailand’s leader in cyber investigations and digital forensics.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

aDolus Technology

aDolus Technology

aDolus delivers a robust solution for safeguarding against counterfeit or malicious software and firmware in mission-critical systems.

Wolf Hill Group

Wolf Hill Group

Wolf Hill Group, a Slone Partners company, is a national recruitment firm focused on Cybersecurity.

Neudomains

Neudomains

Neudomains is a Corporate Domain Name Management and Brand Protection Online Specialist. One of the world's top providers of online brand protection and enforcement.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

TPx Communications

TPx Communications

TPx is a leading managed services provider offering a full suite of managed IT, unified communications, network connectivity and security services.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Board of Cyber

Board of Cyber

Board of Cyber offers Security Rating: a fast, non-intrusive, continuous, 100% automated solution to evaluate the cyber performance of an organization.