View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 4, 2023updated 05 Sep 2023 9:31am

UK Ministry of Defence documents stolen and leaked in LockBit cyberattack

The documents are believed to have been accessed through the hacking of a third party metal fencing supplier used by the government

By Claudia Glover

Thousands of pages of sensitive information belonging to the UK’s Ministry of Defence have been released onto the dark web by the notorious ransomware gang LockBit. The data was stolen during an attack on a fencing manufacturer Zaun, a supplier to the UK government, which took place last month.

Documents from the Ministry of Defence were stolen and leaked by RaaS gang LockBit. (Photo by Willy Barton / Shutterstock)

Sensitive information relating to numerous government research sites, including Porton Down in Wiltshire and Faslane nuclear submarine base in Scotland, is reported to be part of the leaked data.

LockBit is one of the most active ransomware gangs in the world and is thought to operate out of Russia. Past victims include Royal Mail and TSMC, the world’s biggest chipmaker, while it displayed its ruthless streak recently by threatening to release cancer patient medical data obtained from healthcare tech company Varian Medical Systems.

UK Ministry of Defence documents leaked by LockBit

Zaun manufactures metal fencing and appeared on LockBit’s dark web victim blog on 13 August. Having initially claimed no customer data was compromised, on Friday it released a statement admitting that some customer data will have been obtained by an unauthorised third party. 

“We can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed,” the Zaun statement says. “It is believed that this is 10GB of data, potentially including some historic emails, orders, drawings and project files.”

In a separate statement, the company added: “Zaun is a manufacturer of fencing systems and not a government-approved security contractor. As a manufacturer of perimeter fencing, any member of the public can walk up to our fencing that has been installed at these sites and look at it.”

But the leaked documents reportedly include details of equipment used at GCHQ’s satellite ground station and network monitoring site in Bude. Cawdor Barracks in South Wales, which is currently housing the 14th Signal Regiment of electronic warfare specialists saw data breached, and RAF Waddington in Lincolnshire, home to Reaper drones used in Afghanistan and Syria, also lost sensitive documents. Detailed drawings for perimeter fencing at Cawdor and a map highlighting installations of the site are among the leaked papers. 

Content from our partners
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Infosecurity Europe 2024: Rethink the power of infosecurity

The level of access to prohibited information has disturbed many, including Labour MP Kevan Jones, who sits on the Defence Committee, who said on X “This is potentially very damaging to the security of some of our most sensitive sites. The government needs to explain why systems were so vulnerable.”

Defence committee chair and Tory MP Tobias Elwood expressed consternation about the leak, asking: “How does this affect the ability of our defence establishments to continue functioning without the threat of attack? How do we better defend ourselves from Russian-backed interference, no doubt related to our stance in supporting Ukraine?”

It is not known if a ransom demand has been made to Zaun or the MoD. Tech Monitor has reached out to both organisations for comment but has heard nothing back at the time of writing. 

Read more: LockBit cyberattack hits NHS 111 service

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.