Zaun issues statement in response to media reports that sensitive military and defence material has been stolen by suspected Russian hackers.
Perimeter security specialist, Zaun has released a statement in response to media reports that “thousands of pages of data” about the HMNB Clyde nuclear submarine base, Porton Down chemical weapons lab and a GCHQ listening post have been posted on to the dark web following a sophisticated cyberattack on the company.
Information about a specialist cyber defence site and some of Britain’s high-security prisons was also stolen in the raid, according to reports.
Zaun has said that in an “otherwise up-to-date network”, the breach occurred through a rogue Windows 7 PC that was running software for one of its manufacturing machines. The machine has since been removed and the vulnerability closed.
At the time of the attack, Zaun believed that its cyber-security software had thwarted any transfer of data. Zaun can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, 0.74% of its stored data.
Zaun said in a statement: “We are aware of an attack upon our servers by the Lockbit Ransom group at the beginning of August. Our cyber-security systems closed the attack before they could encrypt any files on the server. However, it has become apparent that LockBit was able to download some data from our system which has now been published on the Dark Web.
“LockBit will have potentially gained access to some historic emails, orders, drawings and project files, we do not believe that any classified documents were stored on the system or have been compromised. We are in contact with relevant agencies and will keep these updated as more information becomes available. This is an ongoing investigation and as such subject to further updates.
“The National Cyber Security Centre (NCSC) has been contacted and we are taking their advice on this matter. The ICO has been contacted as well with regards to the attack and data leak.
“Zaun is a manufacturer of fencing systems and not a government approved security contractor. As a manufacturer of perimeter fencing, any member of the public can walk up to our fencing that has been installed at these sites and look at it.
“Zaun is a victim of a sophisticated cyber-attack and has taken all reasonable measures to mitigate any attack on our systems.”