Thousands of pages of sensitive information belonging to the UK’s Ministry of Defence have been released onto the dark web by the notorious ransomware gang LockBit. The data was stolen during an attack on a fencing manufacturer Zaun, a supplier to the UK government, which took place last month.
Sensitive information relating to numerous government research sites, including Porton Down in Wiltshire and Faslane nuclear submarine base in Scotland, is reported to be part of the leaked data.
LockBit is one of the most active ransomware gangs in the world and is thought to operate out of Russia. Past victims include Royal Mail and TSMC, the world’s biggest chipmaker, while it displayed its ruthless streak recently by threatening to release cancer patient medical data obtained from healthcare tech company Varian Medical Systems.
UK Ministry of Defence documents leaked by LockBit
Zaun manufactures metal fencing and appeared on LockBit’s dark web victim blog on 13 August. Having initially claimed no customer data was compromised, on Friday it released a statement admitting that some customer data will have been obtained by an unauthorised third party.
“We can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed,” the Zaun statement says. “It is believed that this is 10GB of data, potentially including some historic emails, orders, drawings and project files.”
In a separate statement, the company added: “Zaun is a manufacturer of fencing systems and not a government-approved security contractor. As a manufacturer of perimeter fencing, any member of the public can walk up to our fencing that has been installed at these sites and look at it.”
But the leaked documents reportedly include details of equipment used at GCHQ’s satellite ground station and network monitoring site in Bude. Cawdor Barracks in South Wales, which is currently housing the 14th Signal Regiment of electronic warfare specialists saw data breached, and RAF Waddington in Lincolnshire, home to Reaper drones used in Afghanistan and Syria, also lost sensitive documents. Detailed drawings for perimeter fencing at Cawdor and a map highlighting installations of the site are among the leaked papers.
The level of access to prohibited information has disturbed many, including Labour MP Kevan Jones, who sits on the Defence Committee, who said on X “This is potentially very damaging to the security of some of our most sensitive sites. The government needs to explain why systems were so vulnerable.”
Defence committee chair and Tory MP Tobias Elwood expressed consternation about the leak, asking: “How does this affect the ability of our defence establishments to continue functioning without the threat of attack? How do we better defend ourselves from Russian-backed interference, no doubt related to our stance in supporting Ukraine?”
It is not known if a ransom demand has been made to Zaun or the MoD. Tech Monitor has reached out to both organisations for comment but has heard nothing back at the time of writing.