Lockheed Martin Targeted in Alleged Breach by Pro-Iran Hacktivist

What happened

Lockheed Martin was targeted in an alleged breach by a pro-Iran hacktivist group that claims to hold a large trove of company data and is threatening to sell it on the dark web. The threat actor, tracked as APT Iran, claims to have stolen 375 terabytes of data from the aerospace and defense company. The group also claims to possess blueprints of F-35 aircraft and other corporate information. Additional posts attributed to the group demand more than $400 million in exchange for not selling the information to adversaries of the United States. The threats were posted on Telegram. A spokesperson for Lockheed Martin said the company is aware of the reports, has policies and procedures in place to mitigate cyber threats to its business, and remains confident in the integrity of its information systems and data security. 

Who is affected

The direct exposure involves Lockheed Martin and the information the threat actor claims to have taken from the company. The claimed data includes corporate information and alleged F-35 aircraft blueprints, while the threatened sale is framed around adversaries of the United States. 

Why CISOs should care

This incident is relevant because it centers on claimed theft of a very large volume of data from a major aerospace and defense company, followed by public extortion demands tied to the sale of that information. It also involves sensitive corporate and defense-related claims being used as leverage. 

3 practical actions:

  1. Validate public claim handling: Ensure executive, legal, communications, and security teams are aligned on how alleged breach claims and extortion demands will be assessed and handled when threat actors publicize them on platforms such as Telegram. 
  2. Prioritize claim verification: Establish a fast path to verify whether the specific categories of information named by an actor, including corporate data or technical documents, are actually exposed before broader business decisions are made. 
  3. Prepare for extortion at scale: Treat large-volume data theft claims and sale threats as a coordinated business risk event that may require simultaneous security, legal, and leadership response. 

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.