What happened
Lockheed Martin was targeted in an alleged breach by a pro-Iran hacktivist group that claims to hold a large trove of company data and is threatening to sell it on the dark web. The threat actor, tracked as APT Iran, claims to have stolen 375 terabytes of data from the aerospace and defense company. The group also claims to possess blueprints of F-35 aircraft and other corporate information. Additional posts attributed to the group demand more than $400 million in exchange for not selling the information to adversaries of the United States. The threats were posted on Telegram. A spokesperson for Lockheed Martin said the company is aware of the reports, has policies and procedures in place to mitigate cyber threats to its business, and remains confident in the integrity of its information systems and data security.
Who is affected
The direct exposure involves Lockheed Martin and the information the threat actor claims to have taken from the company. The claimed data includes corporate information and alleged F-35 aircraft blueprints, while the threatened sale is framed around adversaries of the United States.
Why CISOs should care
This incident is relevant because it centers on claimed theft of a very large volume of data from a major aerospace and defense company, followed by public extortion demands tied to the sale of that information. It also involves sensitive corporate and defense-related claims being used as leverage.
3 practical actions:
- Validate public claim handling: Ensure executive, legal, communications, and security teams are aligned on how alleged breach claims and extortion demands will be assessed and handled when threat actors publicize them on platforms such as Telegram.
- Prioritize claim verification: Establish a fast path to verify whether the specific categories of information named by an actor, including corporate data or technical documents, are actually exposed before broader business decisions are made.
- Prepare for extortion at scale: Treat large-volume data theft claims and sale threats as a coordinated business risk event that may require simultaneous security, legal, and leadership response.
