LockBit Leaks Documents Filched From UK Defense Contractor

A company that builds physical perimeter defenses failed to keep the LockBit group from penetrating its cyber defenses.

Last month, a British perimeter security company was breached by the LockBit group. Despite only accessing a small fraction of the company's internal network, the hackers nonetheless appear to have leaked sensitive documents relating to the physical security of agencies in the UK Ministry of Defence.

Cybersecurity Breach at a Physical Security Company

In early August, the world's most prolific ransomware outfit set its fire on Zaun Ltd., a Wolverhampton, England-based manufacturer of perimeter fencing, security gates, bollards, and other physical security barriers. In a public disclosure published Sept. 1, the company explained that the group had breached a PC used to control one of its manufacturing machines.

Without disclosing the precise vulnerability that enabled the attack, Zaun acknowledged the compromised PC was running on Windows 7. First released in 2009, support for Windows 7 concluded in 2020, and extended security updates ended in January 2023. Industrial plants have a reputation for running outdated software, thanks in part to the prioritization of uptime, safety concerns for on-site staff, and more.

According to Zaun, its cybersecurity systems prevented its data from being encrypted. Still, the attackers managed to run off with about 10 gigabytes worth of data — approximately 0.74% of the company's total stored data — from the vulnerable PC, and possibly from its internal server.

The stolen data may have included "some historic emails, orders, drawings, and project files," the company admitted, adding that "we do not believe that any classified documents were stored on the system or have been compromised."

How Bad Was It?

Zaun's characterization of its breach clashes with reporting by multiple British tabloids, that the LockBit group leaked to the Dark Web sensitive information relating to Zaun's business with entities of the UK's Ministry of Defence.

Leaked company data reportedly included details about security equipment at a Royal Air Force station in the British midlands, a military research facility in south England, and a British Army barracks in western Wales. Information pertaining to a series of UK prisons was exposed, as well as sales orders made by military and intelligence agencies, including GCHQ and a Royal Navy base in Scotland.

Zaun didn't responded to a request for comment from Dark Reading, but did provide a tamer view of its stolen data in its press release. "These fencing products are generally used to separate the public from the secure asset and as such are on public display and in the public domain," the company explained. "Full details of all our products are also available on our website and available for unrestricted purchase. As such it is not considered that any additional advantage could be gained from any compromised data beyond that which could be ascertained by going to look at the sites from the public domain."