Key Issue: Royal Mail compromised using LockBit ransomware, disrupting its operations

Cybercriminals: Continued exploitation of Python Package Index to deliver malware

Nation-State: Russian state-backed Callisto group targets US nuclear research labs

Hacktivists: Target organisations perceived to support either side in Ukrainian conflict

Royal Mail compromised using LockBit ransomware, disrupting its operations

This week we reported on the compromise of Royal Mail with LockBit ransomware. The compromise halted all international shipping services and caused ransom notes claiming to be from the LockBit Ransomware–as–a–Service group to be printed on printers used for custom dockets. While these details suggest that LockBit affiliates were responsible, the group’s public representative has stated that the group did not target Royal Mail and that the compromise was likely conducted by a threat actor using LockBit’s builder after it was leaked in 2022. It is possible that another threat actor used LockBit’s ransomware with no intention of negotiating with Royal Mail, making this a purely disruptive operation.

The compromise may be an attempt by another threat actor to damage the group’s reputation or another less sophisticated group taking advantage of LockBit’s leaked tooling. LockBit recently faced criticism after one of its affiliates compromised a children’s hospital in Toronto, prompting the group to provide the hospital with a decryptor and issue a public apology. As Royal Mail is such a high–profile target, LockBit’s involvement would likely draw further public scrutiny, therefore making operation less likely to be the group’s responsibility, particularly due to the lack of financial motive.

Subscribe below to receive the full version.