Threat Actors have exploited an obsolete Operating system housing the UK military data, resulting to the laying hands of sensitive information that they are not supposed to have access to.
It is no doubt, that most technologies used by the government are obsolete. As upgrading these facilities might take ample amount of time, and also requires an upgrade to every other application running with the version of the operating system by the government institutions.
This gives a reason why even after normal users are seen using modern technologies, the government bodies are always running on an older version; hence resulting to security concerns by the government.
Well things went south as it has been reported that the UK government has fallen prey, to the security flaws exploited from using obsolete technologies. Hackers have been able to gain entry to the military facility of the United Kingdom government via an entry-point running on a Windows-7 OS.
The supplier of these technology by the name Zaun, who is based in Wolverhampton, stated that they have a strong believe that no classified files were downloaded.
However, a contrary information stated that the hackers were able to access sensitive military data, which can be used to gain access to other hidden military information and research sites.
The threat actors discovered to be responsible for the attack, were the notorious LockBit Ransom Group. Zaun later admitted, the attack which was conducted on the company’s network exfiltrated data worth over 10GB, and the attack is not just limited to the entry-point (windows 7), but might have also have gotten to their servers as well.
In a statement by Zaun:
“We do not believe that any classified documents were stored on the system or have been compromised.”
Also, information about the cyberbreach, has been reported to the National Cyber Security Centre (NCSC), and the United Kingdom Information Commissioners Office (ICO), Zaun said.
To be transparent about the attack, and its occurrence they further stated:
“We are aware of an attack upon our servers by the LockBit Ransom Group at the beginning of August. Our cyber-security systems closed the attack before they could encrypt any files on the server. However, it has become apparent that LockBit was able to download some data from our system, which has now been published on the dark web.”
The company is said not to be a government-approved security contractor, however approved for government use via the Centre for the Protection National Infrastructure (CPNI).
The organization said they are confident on all their fencing systems, and that they can be designed and manufactured with a wide variety of security additions; such as detection technology, although the caveat is that the organization using their services must not be running on distinctively outdated kit.
The attack was said to have been targeted on one of the company’s machines running windows 7 Os. Microsoft windows 7 mainstream support was noted to have ended in 2015, and the extended support ended in 2020, and extended security updates for enterprise organization is said to have come to an end this year (2023).
Hopefully, these information accessed by the threat group even thou classified, should not be able to cause damage. Otherwise, the UK military would definitely be in a state of chaos if these leaked sensitive information gets into the wrong hands.
Please do let us know in the comment section what are your thoughts about this.