Attackers Accessed UK Military Data Through A Windows 7 Rig

The risk of running obsolete code and hardware was highlighted after attackers exfiltrated data from a UK supplier of high-security fencing for military bases. The initial entry point? A Windows 7 PC.

While the supplier, Wolverhampton-based Zaun, said it believed that no classified information was downloaded, reports indicated that attackers were able to obtain data that could be used to gain access to some of the UK’s most sensitive military and research sites.

The LockBit Ransom group conducted the attack on the company’s network, and Zaun admitted the group may have exfiltrated 10GB of data. The company also confessed that the attack might have reached its server beyond the Windows 7 entry point.

“We do not believe that any classified documents were stored on the system or have been compromised,” the company said, which will be tremendously reassuring to agencies that use the company’s services. Zaun also said it had notified the National Cyber Security Centre (NCSC) as well as the UK’s Information Commissioner’s Office (ICO) regarding the breach.

In a statement, Zaun said: “We are aware of an attack upon our servers by the Lockbit [sic] Ransom group at the beginning of August. Our cyber-security systems closed the attack before they could encrypt any files on the server. However, it has become apparent that LockBit was able to download some data from our system, which has now been published on the Dark Web.”

Zaun specializes in high-security perimeter fencing. It isn’t a government-approved security contractor, although is approved for government use via the Centre for the Protection of National Infrastructure (CPNI). The fact it has fallen victim to a cyberattack and had data downloaded is a reminder for enterprises and organizations to be vigilant regarding every link in the supply chain.

The company boasts: “All our fencing systems can be designed and manufactured with a wide variety of security additions, including toppings and detection technology to complete your perimeter.” Unless, it appears, your perimeter is running some distinctly outdated kit.

The attack targeted a Windows 7 PC used to run software for one of the company’s manufacturing machines.

Extended Security Updates for Windows 7, which was released in 2009, finally came to an end in 2023. Mainstream support ended in 2015, and extended support finished in 2020.

Paul Brucciani, Cyber Security Advisor at WithSecure, noted the success of LockBit, saying: “The significance of this attack is that by undermining IT security, it is also possible to undermine the physical security of its [the supplier] customers.”

SonicWall’s Spencer Starkey, VP of EMEA, highlighted the targeted nature of the attack – a third-party supplier – in the context of cyber attacks on government agencies. He said: “In a divisive landscape, we’re seeing a continued geo-migration of threats, and governments are under constant cyber threat. These cyberattacks raise concerns about a country’s own national security, critical national infrastructure as well as the safety of sensitive information.”

The Register contacted the UK’s Ministry of Defence and was told the agency does not comment on security matters. ®

READ MORE HERE