Breaking: UK MoD attacked by LockBit

Russian ransomware gang compromised a supplier

The leak revealed details on MoD sites around the UK

The compromise of a third-party supplier has exposed sensitive information about British intelligence.

The Russian ransomware gang LockBit has compromised the UK's Ministry of Defence, releasing thousands of pages of data online.

The leak includes information on the HMNB Clyde nuclear submarine base; the Porton Down chemical weapon lab; a GCHQ listening post; high-security prisons and 'a military site key to our cyber defences', according to the Daily Mirror.

The information was stolen last month, after LockBit breached MoD supplier Zaun.

Based in the West Midlands, Zaun manufactures fences and other perimeter security measures for high-risk sites.

The company suffered a "sophisticated" cyberattack on the 5th and 6th August, via a rogue Windows 7 PC running software for a manufacturing machine. The attackers, identified as the LockBit group, were able to download a small amount of data, but Zaun's IT team was able to prevent its servers from being encrypted.

Although Zaun tried to downplay the sensitivity of the compromised data, it appears to be related to the company's work with the MoD.

Labour MP Kevan Jones, sitting on the Commons Defence Select Committee, said, "The Government needs to explain why this firm's computer systems were so vulnerable. Any information which gives security arrangements to potential enemies is of huge concern."

The Mirror says the leak includes 'a sales order report for equipment at GCHQ's communications complex in Bude, Cornwall. GCHQ describes Bude as playing "a critical part" in our security. The leak [also] includes security equipment at RAF Waddington, Lincs, where the Reaper attack drones squadron is based, and Cawdor Barracks, whose 14th Signal Regiment deals in electronic warfare.'

Also included were 'detailed drawings' for perimeter fencing at Cawdor, in Pembrokeshire, and a map highlighting installations at the site.

More concerningly, some of the information related to HMNB Clyde, aka Faslane - home to the UK's Trident nuclear submarines.

LockBit has been a prolific attacker in the last 12 months, compromising Royal Mail, financial software business ION, the Port of Lisbon and Windows Exchange servers. In total, the gang is said to have breached more than 1,400 targets.

Conservative MP Tobias Ellwood, chair of the Defence committee, said, "How does this affect the ability of our defence establishments to continue functioning without threat of attack? How do we better defend ourselves from Russian-backed interference no doubt related to our stance in supporting Ukraine?

"Finally, this is another example of how conflict is no longer limited to the traditional battlefield, it now includes the digital domain and is placing ever greater demands on security apparatus."