Cyber Incident Victim: Zaun Ltd.
Date: Aug 2023
Location: United Kingdom
Summary
Zaun Ltd. was subjected to a sophisticated cyber-attack by the LockBit ransomware group. Their security prevented server encryption, but the attackers successfully downloaded approximately 10 GB of data, including historic emails, orders, and project files. The breach occurred via an isolated, outdated Windows 7 PC connected to manufacturing equipment. Zaun states no classified documents were compromised and that the stolen data pertains to publicly visible perimeter fencing products.
Description
On or around August 5th to 6th, 2023, Zaun Ltd. was subjected to a sophisticated cyber-attack on its IT network by the LockBit ransomware group. The company's own cybersecurity measures were successful in preventing the attackers from encrypting files on the server, allowing work to continue as normal with no interruptions to service. The breach was subsequently investigated with the awareness of the West Midlands Regional Cyber Crime Unit. The initial point of compromise was identified as a rogue Windows 7 PC operating within the network. This specific computer was running specialized software necessary for the operation of one of Zaun's manufacturing machines. This outdated operating system represented a significant vulnerability, which the attackers exploited to gain initial access. Following the incident, the vulnerable machine was immediately removed from the network, and the security gap was closed to prevent further exploitation.

At the time of the attack, Zaun believed its cybersecurity software had completely thwarted any exfiltration or transfer of data from its systems. However, subsequent analysis revealed that this initial assessment was incorrect. It was later confirmed that during the attack, the LockBit group managed to successfully download some data from the company's network. The precise scope of the data accessed is not fully certain, with the possibility that the exfiltration was limited to the compromised Windows 7 PC. However, there remains a risk that some data residing on the main server was also accessed during the incident. The total volume of data believed to have been exfiltrated is approximately 10 gigabytes. This quantity represents 0.74 percent of the total data stored by Zaun Ltd., indicating that the vast majority of stored information was not accessed or stolen.
The data that was potentially accessed by the threat actors includes historic emails, orders, project files, and technical drawings. Zaun Ltd. has stated that it does not believe any classified documents were stored on its systems or were compromised in the breach. The company is a specialist manufacturer of high-security perimeter fencing systems, supplying its products to many high-profile sites including prisons, military bases, and utilities infrastructure. The nature of these products is such that they are installed in public view to separate the public from a secure asset; therefore, their designs and specifications are considered to be within the public domain. Full details of all Zaun products are available for unrestricted viewing on the company's website and are available for purchase by any member of the public. Consequently, Zaun has assessed that no additional tactical or strategic advantage could be gained from the compromised data beyond what could be ascertained through simple physical observation of installed fencing from publicly accessible areas.
Following the discovery that data had been exfiltrated, the LockBit group published the stolen information on the dark web. Zaun Ltd. has been in contact with relevant agencies regarding the attack and the subsequent data leak. The National Cyber Security Centre (NCSC) has been contacted, and the company is actively taking its advice on the matter. Furthermore, the Information Commissioner's Office (ICO) has been notified in compliance with data protection regulations. The company emphasizes that it is a manufacturer of fencing systems and not a government-approved security contractor, reinforcing its position that the compromised data is not of a sensitive or classified nature. Zaun considers itself a victim of a sophisticated cyber-attack and asserts that it had taken all reasonable measures to mitigate such an attack on its systems. The incident remains an ongoing investigation, and the company has stated it will provide further updates as more information becomes available. For all enquiries regarding the incident, Zaun has directed external parties to contact Stewart Plant, the Head of Sales and Marketing.
