Attackers accessed UK military data through high-security fencing firm's Windows 7 rig

Trending 3 weeks ago

The consequence of moving obsolete codification and hardware was highlighted aft attackers exfiltrated information from a UK supplier of high-security fencing for subject bases. The first introduction point? A Windows 7 PC.

While nan supplier, Wolverhampton-based Zaun, said it believed that nary classified accusation was downloaded, reports indicated that attackers were capable to get information that could beryllium utilized to summation entree to immoderate of nan UK's astir delicate subject and investigation sites.

The LockBit Ransom group conducted nan onslaught connected nan company's network, and Zaun admitted nan group whitethorn person exfiltrated 10GB of data. The institution besides confessed that nan onslaught mightiness person reached its server beyond nan Windows 7 introduction point.

"We do not judge that immoderate classified documents were stored connected nan strategy aliases person been compromised," nan institution said, which will beryllium tremendously reassuring to agencies that usage nan company's services. Zaun besides said it had notified nan National Cyber Security Centre (NCSC) arsenic good arsenic nan UK's Information Commissioner's Office (ICO) regarding nan breach.

In a statement, Zaun said: "We are alert of an onslaught upon our servers by nan Lockbit [sic] Ransom group astatine nan opening of August. Our cyber-security systems closed nan onslaught earlier they could encrypt immoderate files connected nan server. However, it has go evident that LockBit was capable to download immoderate information from our system, which has now been published connected nan Dark Web."

Zaun specializes successful high-security perimeter fencing. It isn't a government-approved information contractor, though is approved for authorities usage via nan Centre for nan Protection of National Infrastructure (CPNI). The truth it has fallen unfortunate to a cyberattack and had information downloaded is simply a reminder for enterprises and organizations to beryllium vigilant regarding each nexus successful nan proviso chain.

  • Cops drill into chat apps, descend crippled to smuggle tons of coke into Europe
  • More Okta customers trapped successful Scattered Spider's web
  • FBI-led Operation Duck Hunt shoots down Qakbot
  • Health, costs info for 1.2M group feared stolen from Purfoods successful IT attack

The institution boasts: "All our fencing systems tin beryllium designed and manufactured pinch a wide assortment of information additions, including toppings and discovery exertion to complete your perimeter." Unless, it appears, your perimeter is moving immoderate distinctly outdated kit.

The onslaught targeted a Windows 7 PC utilized to tally package for 1 of nan company's manufacturing machines.

Extended Security Updates for Windows 7, which was released successful 2009, yet came to an extremity successful 2023. Mainstream support ended successful 2015, and extended support vanished successful 2020.

Paul Brucciani, Cyber Security Advisor astatine WithSecure, noted nan occurrence of LockBit, saying: "The value of this onslaught is that by undermining IT security, it is besides imaginable to undermine nan beingness information of its [the supplier] customers."

SonicWall's Spencer Starkey, VP of EMEA, highlighted nan targeted quality of nan onslaught – a third-party supplier – successful nan discourse of cyber attacks connected authorities agencies. He said: "In a divisive landscape, we're seeing a continued geo-migration of threats, and governments are nether changeless cyber threat. These cyberattacks raise concerns astir a country's ain nationalist security, captious nationalist infrastructure arsenic good arsenic nan information of delicate information."

The Register contacted nan UK's Ministry of Defence and was told nan agency does not remark connected information matters. ®