Security News > 2023 > September > LockBit leaks sensitive data from maximum security fence manufacturer

LockBit leaks sensitive data from maximum security fence manufacturer
2023-09-05 14:19

The LockBit ransomware group has breached Zaun, a UK-based manufacturer of fencing systems for military sites and critical utilities, by compromising a legacy computer running Windows 7 and using it as an initial point of access to the wider company network.

"At the time of the attack, we believed that our cyber-security software had thwarted any transfer of data. However, we can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, 0.74% of our stored data. LockBit will have potentially gained access to some historic emails, orders, drawings and project files, we do not believe that any classified documents were stored on the system or have been compromised."

Zaun says that its cybersecurity staff prevented the server storing the data from being encrypted, so their work continued as normal.

Some of the stolen data was later leaked by LockBit on the dark web and, according to the Daily Mirror, among it were "Thousands of pages of data which could help criminals get into the HMNB Clyde nuclear submarine base, the Porton Down chemical weapon lab and a GCHQ listening post."

"As such it is not considered that any additional advantage could be gained from any compromised data beyond that which could be ascertained by going to look at the sites from the public domain. As a manufacturer of perimeter fencing, any member of the public can walk up to our fencing that has been installed at these sites and look at it."

Zaun has informed the West Midlands Regional Cyber Crime Unit, the National Cyber Security Centre and the Information Commissioner's Office about the attack and data breach.


News URL

https://www.helpnetsecurity.com/2023/09/05/zaun-breach/