A top cybersecurity expert has accused the Kremlin of backing a group that stole secrets from some of the UK’s most sensitive military sites before leaking them to the dark web.
Professor of cybersecurity at Ulster University, Kevin Curran, said that last month’s attack, which saw Russia-linked hacker group LockBit steal 10GB of sensitive military data from private security firm Zaun in a ‘potentially very damaging attack’, was ‘likely’ sponsored by the Russian state.
Thousands of pages of data were leaked to the dark web shortly after the private company, which was responsible for protecting maximum security sites, was breached.
‘In this case, given the target, my money would be on this being state-sponsored,’ Curran said.
Sensitive information about sites including HMNB Clyde, home of the Trident nuclear submarines, and GCHQ, one of the UK’s top intelligence and security agencies, was leaked.
Hackers reportedly also leaked information about security equipment at RAF Waddington, from which Reaper drone missions have been conducted for the last 10 years, and Cawdor Barracks, the base of the 14th Signal Regiment which deals in electronic warfare.
Meanwhile, one leaked document related to equipment used to protect Porton Down – one of the most secretive military research facilities in the UK.
Zaun’s digital defences were allegedly breached by a group with links to Russian criminals.
LockBit has been on the FBI’s radar since 2020, and is believed to have stolen £80 million in ransom money.
One hacker linked to the group, Mikhail Matveev, is wanted by US authorities for ‘allegedly conducting significant attacks against both United States and worldwide businesses’.
He is on the FBI’s most wanted list after alleged attacks on 1,400 global targets, including a £66million blackmail attempt on Royal Mail, which refused to pay.
The professor warned that the UK, because of its reliance on private third parties to protect sensitive data, was unprepared to deal with Russia’s ‘relentless’ cyber attacks, which have stepped up across the world since its invasion of Ukraine in February 2022.
‘You can’t just expect third party suppliers to adhere to your rules.
‘There is always a risk when you have third party suppliers and you do wonder if they adhere to industry best practice.
‘It is a worry because everything is online now – cybercrime is the biggest crime in the world.
‘Given the new era we are entering which is the brink of World War Three everything is serious.
‘They are relentless with these attacks. Their best way into our country is through our cyber-security. This is the nation at risk.’
The warning comes after Labour MP Kevan Jones, who sits on the Commons Defence Select Committee, urged the Government to explain why Zaun’s computer systems were ‘so vulnerable’, warning: ‘This is potentially very damaging to the security of some of our most sensitive sites.’
‘Any information which gives security arrangements to potential enemies is of huge concern,’ he added.
The Government has so far declined to respond to concerns, with a spokesperson saying: ‘We do not comment on security matters.’
In a statement published on its website on Friday, Zaun said it had taken ‘all reasonable measures to mitigate any attacks on our systems’ and explained that it had referred the matter to the National Cyber Security Centre (NCSC).
It explained that the breach occurred through a ‘rogue Windows 7 PC’ that was running software for one of its manufacturing machines but that the network was ‘otherwise up to date’.
It said: ‘At the time of the attack, we believed that our cyber-security software had thwarted any transfer of data.
‘However, we can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed.
‘It is believed that this is 10 GB of data, 0.74% of our stored data.
‘It is well known that Zaun is a specialist in high-security perimeter fencing and has supplied fencing to many high-profile sites.
‘Sites where our products are used include prisons, military bases and utilities.’