European defence contractor Naval Group is facing a significant challenge after hackers purportedly leaked sensitive internal information online as a result of an alleged cyber attack. The company, which plays a crucial role in constructing ships and submarines for the French navy, confirmed that it is investigating the breach, raising concerns for both national and international security.
The hackers, known by the pseudonym “Neferpitou,” have claimed to possess around 1 TB of Naval Group’s internal data, including source code related to combat systems for nuclear submarines and frigates, weapon system software, and internal communications. Their announcement, made in a post on an underground hacking forum, included a 13GB sample of the data and threatened to leak the entire data set if Naval Group did not respond within a specified timeframe.
In a series of updates leading to the breach, Neferpitou issued warnings that Naval Group had been given 72 hours to make contact, followed by subsequent deadlines. By July 26, the hacker had posted a link to what was claimed to be the complete dataset, provoking fears regarding the security protocols in place within the military contractor. Their signing off message emphasized the vulnerabilities associated with technological connections: “Keep in mind, nothing is truly disconnected from Internet…”
In response to the breach, Naval Group stated that it is aware of the claims made by the hackers and is conducting a technical investigation with the support of cybersecurity experts. As of the time of reporting, the company maintained that no intrusion into its IT environments had been identified, citing that their activities remained unaffected. The incident has raised alarms given the increasing trend of cybersecurity threats directed towards critical infrastructures.
Meanwhile, Microsoft’s alerts regarding ongoing threats from Chinese hackers exploiting a remote code execution vulnerability in SharePoint servers highlight the pervasive risks facing organizations. Although a direct link between this vulnerability and the breach of Naval Group has not been confirmed, the incident serves as a reminder of the critical need for robust security measures within the defense sector and beyond. Cybercriminals are continually looking for opportunities to harvest sensitive information, creating a pressing need for businesses to enhance their defenses against potential cyber attacks.