Middle East Institute
Russian-linked ransomware group steals thousands of MoD papers
Thousands of Ministry of Defence papers have been stolen and uploaded to the dark web after the LockBit ransomware group hacked into fencing manufacturers Zaun.
Zaun, who have since released a statement labelling the incident as a “sophisticated cyber-attack”, said the incident occurred early last month through a “rogue Windows 7 PC” that is no longer in operation.
According to the firm, it is believed the incident did not compromise any classified documents.
However, a recent report by The Mirror said the stolen documents contained information that could help the group access sites, including a nuclear submarine base in Scotland, several high-security prisons, as well as other national security details. It is believed other areas of government may have been affected by the security breach.
The firm contacted the National Cyber Security Centre for advice and said that they would keep “relevant agencies” updated on any findings from the ongoing investigation.
This is not the first attack on UK companies by the Russian-linked criminal group, which is often described as one of the world’s most dangerous hacking gangs. Earlier this year, it demanded an £80m ransom after hacking into the Royal Mail’s software, blocking international shipments, and last summer, it attacked the NHS, forcing doctors to keep patient records offline. Mikhail Pavlovich, who is on the FBI’s most wanted list, is believed to have led the group’s cyber-attack.
A spokesperson for Zaun said: “LockBit will have potentially gained access to some historic emails, orders, drawings and project files, we do not believe that any classified documents were stored on the system or have been compromised. We are in contact with relevant agencies and will keep these updated as more information becomes available. This is an ongoing investigation and as such subject to further updates.”
The breach has prompted a debate within the UK Government over the storage of data and the lack of security measures.
Reacting to the incident, Kevan Jones, a member of the Commons Defence Select Committee, said: “This is potentially very damaging to the security of some of our most sensitive sites.
“The government needs to explain why this firm’s computer systems were so vulnerable. Any information which gives security arrangements to potential enemies is of huge concern.”
Tobias Ellwood, chair of the defence committee, also addressed the matter and asked: “How does this affect the ability of our defence establishments to continue functioning without the threat of attack? How do we better defend ourselves from Russian-backed interference, no doubt related to our stance in supporting Ukraine?
“This is another example of how conflict is no longer limited to the traditional battlefield; it now includes the digital domain and is placing ever greater demands on security apparatus.”
The original version of this story was published here by our sister publication Holyrood.