UK Ministry of Defence Hit in 'Very Damaging' LockBit Cyber Attack

Published on
ministry of defence lockbit cyber attack

The Russia-linked group LockBit has leaked top-secret data belonging Ministry of Defence to the dark web following a cyber attack on the security firm Zaun.

The leaked data included thousands of pages of top-secret information that could help criminals compromise UK military and security sites including HMNB Clyde nuclear submarine base, the Porton Down chemical weapon lab and a GCHQ listening post.

Hackers released thousands of pages of data which could include highly sensitive national security details, with information about high-security prisons also stolen in the raid by notorious ransomware group LockBit, according to a report by the Mirror.

"On 5th - 6th August, Zaun was subjected to a sophisticated cyberattack on our IT network by the LockBit ransom group," Zaun wrote in a statement on its website.

"Our own cybersecurity prevented the server from being encrypted. We have been able to continue work as normal with no interruptions to service."

‘Very damaging’ to UK security

The breach occurred after LockBit gained access to a rogue Windows 7 PC that was running software for one of the firm's manufacturing machines. 

"The machine has been removed and the vulnerability closed," Zaun added. "We can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, 0.74% of our stored data."

LockBit will have potentially gained access to some historic emails, orders, drawings, and project files, the statement continued, although Zaun "does believe that any classified documents were stored on the system" or have been compromised. 

"This is potentially very damaging to the security of some of our most sensitive sites," said Kevan Jones, a Labour MP who sits on the Commons Defence Select Committee. 

The government needs to explain why this firm's computer systems were so vulnerable. Any information which gives security arrangements to potential enemies is of huge concern.

LockBit strikes again

The attack is just one of the latest cyber attacks on the UK by Lockbit, who have continued to target critical UK infrastructure since the Russian invasion of Ukraine last year. 

LockBit is described as the world’s most dangerous hacking gang and key suspects from the group such as Mikhail Matveev are in the FBI’s Most Wanted list after attacks on 1,400 global targets.

The group was responsible for the large-scale ransomware attack on the NHS last summer, which forced crucial medical systems offline and forced doctors to keep patient records on pieces of scrap paper.

The group was responsible for the MOVEit cyber attacks in June, which affected multiple UK companies including the BBC, British Airways, and Booys as well as US government agencies and thousands of companies around the world.

“LockBit has already been responsible for some of this year’s biggest cyberattacks as well as the exploitation of the MOVEit vulnerability," said Paul Brucciani, Cyber Security Advisor at WithSecure.

The significance of this attack is that by undermining IT security, it is also possible to undermine the physical security of its customers.

The UK National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) have been contacted with regard to the attack and data leak.

 The attack could lead to even more attacks on UK infrastructure and security sites as Russia-linked cyber-attacks ramp up on the UK and its allies.



As development in data and AI accelerates, new controls and measures to properly safeguard us all. Taking place on September 12th and 13th, PrivSec North will serve as a UK's Northern base for the data protection, privacy and the security community to meet, debate and learn in a knowledge-sharing environment.

The event will feature a superstar lineup of thought leaders, industry experts and senior professionals from world- renowned companies sharing their knowledge, case studies and experience - and providing insightful, actionable content to an audience of end-user professionals.

Attendees can learn more about trust, digital transformation, ethics, data protection, privacy and security challenges, solutions and opportunities - and will be provided with the chance to network with peers and develop business relationships.


Join 34,209 IT professionals who already have a head start

Network with the biggest names in IT and gain instant access to all of our exclusive content for free.

Get Started Now