{
	"id": "008bb582-16c5-44ad-9d7c-eec5f8fa8ac9",
	"created_at": "2026-04-06T01:31:51.263795Z",
	"updated_at": "2026-04-10T03:23:38.803221Z",
	"deleted_at": null,
	"sha1_hash": "4fdc0ea1a5ee542700c3b8d9c617baa633a26602",
	"title": "Sensitive Data about UK Military Sites Potentially Leaked by LockBit",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 157224,
	"plain_text": "Sensitive Data about UK Military Sites Potentially Leaked by\r\nLockBit\r\nBy Kevin Poireault\r\nPublished: 2023-09-04 · Archived: 2026-04-06 00:17:37 UTC\r\nWritten by\r\nGigabytes of sensitive data related to British military and intelligence sites have been exposed by the infamous\r\nLockBit ransomware group.\r\nZaun, a Wolverhampton-based manufacturer of fencing systems, has revealed it was hit by a cyber-attack carried\r\nout by LockBit on August 5-6.\r\n“In an otherwise up-to-date network, the breach occurred through a rogue Windows 7 PC that was running\r\nsoftware for one of our manufacturing machines. Our own cyber security prevented the server from being\r\nencrypted. The machine has been removed and the vulnerability closed. We have been able to continue work as\r\nnormal with no interruptions to service,” the company said in a statement published on September 1, 2023.\r\nAt the time of the attack, Zaun believed its cybersecurity solutions thwarted any transfer of data.\r\n“However, we can now confirm that during the attack LockBit managed to download some data, possibly limited\r\nto the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of\r\ndata, potentially including some historic emails, orders, drawings and project files,” the statement continued.\r\nLockBit claimed responsibility for this attack on August 13. The gang gave Zaun until August 29 to pay an\r\nundisclosed ransom – after which it published some data on their leak site.\r\nZaun Denied Claims of Sensitive Data Being Breached\r\nAlthough Zaun said it does not believe that any classified documents were stored on the system or have been\r\ncompromised, The Daily Mirror reported that the data released by LockBit included thousands of pages of data\r\nthat could help criminals get into His Majesty's Naval Base, Clyde (HMNB Clyde) nuclear submarine base, the\r\nPorton Down chemical weapon lab and GCHQ’s communications complex in Bude, Cornwall.\r\nhttps://www.infosecurity-magazine.com/news/sensitive-data-uk-army-potentially/\r\nPage 1 of 3\n\nLockBit's leaked data could include information about His Majesty's Naval Base, Clyde (HMNB\r\nClyde), a nuclear submarine base also known as Faslane. Credit: Kevin Shipp/Shutterstock\r\nIt has also been reported that detailed drawings for perimeter fencing at Cawdor, a British Army site in\r\nPembrokeshire, and a map highlighting installations at the site have been compromised. Additionally, documents\r\nrelating to a string of jails, including Category A Long Lartin, Worcestershire, and Whitemoor, Cambridgeshire,\r\nwere stolen in the raid.\r\n“As such it is not considered that any additional advantage could be gained from any compromised data beyond\r\nthat which could be ascertained by going to look at the sites from the public domain,” Zaun said.\r\nThe West Midlands Regional Cyber Crime Unit is aware of the attack and are currently conducting an\r\ninvestigation.\r\nConcerns from Bipartisan Defence Committee\r\nOn August 3, Kevan Jones, a Labour MP and member of the Commons Defence Select Committee, warned: “This\r\nis potentially very damaging to the security of some of our most sensitive sites. The government needs to explain\r\nwhy this firm’s computer systems were so vulnerable. Any information which gives security arrangements to\r\npotential enemies is of huge concern.”\r\nTory MP Tobias Ellwood, who chairs the Defence Committee, also voiced his concerns. He asked: “How does this\r\naffect the ability of our defense establishments to continue functioning without the threat of attack? How do we\r\nbetter defend ourselves from Russian-backed interference, no doubt related to our stance in supporting Ukraine?\r\nFinally, this is another example of how conflict is no longer limited to the traditional battlefield; it now includes\r\nthe digital domain and is placing ever greater demands on security apparatus.”\r\nZaun’s statement read: “The National Cyber Security Centre (NCSC) has been contacted and we are taking their\r\nadvice on this matter. The ICO has been contacted as well with regard to the attack and data leak. Zaun is a\r\nhttps://www.infosecurity-magazine.com/news/sensitive-data-uk-army-potentially/\r\nPage 2 of 3\n\nmanufacturer of fencing systems and not a government-approved security contractor. As a manufacturer of\r\nperimeter fencing, any member of the public can walk up to our fencing that has been installed at these sites and\r\nlook at it.”\r\nZaun Limited and the UK Ministry of Defence were contacted by Infosecurity but did not respond to requests for\r\ncomment.\r\nSource: https://www.infosecurity-magazine.com/news/sensitive-data-uk-army-potentially/\r\nhttps://www.infosecurity-magazine.com/news/sensitive-data-uk-army-potentially/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.infosecurity-magazine.com/news/sensitive-data-uk-army-potentially/"
	],
	"report_names": [
		"sensitive-data-uk-army-potentially"
	],
	"threat_actors": [
		{
			"id": "5d2bd376-fcdc-4c6a-bc2c-17ebbb5b81a4",
			"created_at": "2022-10-25T16:07:23.667223Z",
			"updated_at": "2026-04-10T02:00:04.705778Z",
			"deleted_at": null,
			"main_name": "GCHQ",
			"aliases": [
				"Government Communications Headquarters",
				"Operation Socialist"
			],
			"source_name": "ETDA:GCHQ",
			"tools": [
				"Prax",
				"Regin",
				"WarriorPride"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439111,
	"ts_updated_at": 1775791418,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4fdc0ea1a5ee542700c3b8d9c617baa633a26602.pdf",
		"text": "https://archive.orkl.eu/4fdc0ea1a5ee542700c3b8d9c617baa633a26602.txt",
		"img": "https://archive.orkl.eu/4fdc0ea1a5ee542700c3b8d9c617baa633a26602.jpg"
	}
}