Ministry of Defence documents leaked after cyber-attack on security firm

The LockBit ransomware group has stolen thousands of Ministry of Defence papers and uploaded them to the dark web, after hacking into fencing manufacturers, Zaun.  

The firm, who have since released a statement labelling the incident as a “sophisticated cyber-attack”, said the incident occurred early last month through a “rogue Windows 7 PC” that is no longer in operation.  

According to Zaun, it is believed the incident did not compromise any classified documents.

However, a recent report by The Daily Mirror said the stolen documents contained information that could help the group access sites, including the Faslane nuclear submarine base in Scotland, several high-security prisons, as well as other national security details. It is believed other areas of government may have been affected by the security breach.

The firm contacted the National Cyber Security Centre for advice and said that they would keep “relevant agencies” updated on any findings from the ongoing investigation.  

Often described as one the world’s most dangerous hacking gang, this is not the first attack the Russian-linked criminal group has carried out on UK companies. Earlier this year, it demanded an £80m ransom after hacking into the Royal Mail’s software, blocking international shipments, and last summer, it attacked the NHS, forcing doctors to keep patient records offline. Mikhail Pavlovich, who is on the FBI’s most wanted list, is believed to have led the group’s cyber-attack.  

A spokesperson for Zuan said: “LockBit will have potentially gained access to some historic emails, orders, drawings and project files, we do not believe that any classified documents were stored on the system or have been compromised. We are in contact with relevant agencies and will keep these updated as more information becomes available. This is an ongoing investigation and as such subject to further updates.”  

The breach has evolved into a debate amongst the UK Government on the storage of data and the lack of security measures.  

Reacting to the incident, Kevan Jones member of the Commons Defence Select Committee said: “This is potentially very damaging to the security of some of our most sensitive sites.  

“The government needs to explain why this firm’s computer systems were so vulnerable. Any information which gives security arrangements to potential enemies is of huge concern.”  

Tobias Ellwood chair of the defence committee, also addressed the matter and asked: “How does this affect the ability of our defence establishments to continue functioning without the threat of attack? How do we better defend ourselves from Russian-backed interference, no doubt related to our stance in supporting Ukraine?  

“This is another example of how conflict is no longer limited to the traditional battlefield; it now includes the digital domain and is placing ever greater demands on security apparatus.”