Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Ransomware Attack on Fencing Systems Maker Zaun Impacts UK Military Data

British mesh fencing systems maker Zaun discloses LockBit ransomware attack potentially impacting data related to UK military and intelligence sites.

British mesh fencing systems maker Zaun has disclosed a LockBit ransomware attack that potentially led to the compromise of data related to UK military and intelligence sites.

Headquartered in Wolverhampton, Zaun specializes in high-security perimeter fencing products used by prisons, military bases, and utilities.

In a data breach notice posted on September 1, Zaun announced that the cyberattack occurred in early August, that it was able to thwart it before data was encrypted, and that its services were not interrupted by the incident.

According to the company, although file-encrypting ransomware was not executed on its systems, the LockBit ransomware group did manage to exfiltrate data from the network.

“At the time of the attack, we believed that our cyber-security software had thwarted any transfer of data. However, we can now confirm that during the attack LockBit managed to download some data,” the company says.

Zaun notes that all its fencing products are typically used to “separate the public from the secure asset”, meaning that they are on public display and that the attackers would gain no advantage from the compromised data.

“LockBit will have potentially gained access to some historic emails, orders, drawings and project files, we do not believe that any classified documents were stored on the system or have been compromised. We are in contact with relevant agencies and will keep these updated as more information becomes available,” the company says.

Advertisement. Scroll to continue reading.

However, Zaun also acknowledges that the ransomware group has since made the stolen data public on the internet. Some of the information appears related to UK military, intelligence, and research bases.

As part of the cyberattack, the LockBit gang first compromised a Windows 7 computer running software for a manufacturing machine, and likely only exfiltrated data from that system, Zaun says.

Active since at least 2020 and operating under the Ransomware-as-a-Service (RaaS) model, LockBit was responsible for roughly one-fifth of the ransomware attacks observed in Australia, Canada, New Zealand, and the US last year, and is believed to have received more than $91 million in ransom payments.

“LockBit has already been responsible for some of this year’s biggest cyberattacks as well as the exploitation of the MOVEit vulnerability. The significance of this attack is that by undermining IT security, it is also possible to undermine the physical security of its customers,” WithSecure cybersecurity advisory Paul Brucciani said in an emailed comment.

Related: Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks

Related: US Government Warns Organizations of LockBit 3.0 Ransomware Attacks

Related: LockBit Ransomware Group Developing Malware to Encrypt Files on macOS

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Ransomware

Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.