Naval Group launches investigation after 1TB of confidential data leaked on dark web

French defence firm Naval Group said it is investigating claims of a data security incident after a cyber criminal leaked 1TB of confidential company data on the dark web.

 

Headquartered in Paris, Naval Group is a primary supplier to the French Navy and exporter to Australia, Brazil, India and Egypt. The company designs and manufactures nuclear submarines, warships, maritime combat systems and digital warfare technologies.

 

On July 23, a threat actor using the moniker ‘Neferpitou’ claimed to have infiltrated the internal network of Naval Group and gained access to confidential data.

 

 

 

To prove the authenticity of their claim, the hacker initially published a 13 GB sample of the data they allegedly stole from Naval Group. The data contained classified information about military vessels, technical documents, development VMs with simulation data, and internal communications.

 

The threat actor gave Naval Group a 72-hour deadline to negotiate a ransom payment. Shortly afterward, the hacker known as Neferpitou leaked the entire 1TB of stolen data on the dark web, indicating that ransom negotiations had failed.

 

Responding to the reports of the cyber attack, in a statement shared on X, Naval Group said it “finds itself the target of a reputational attack, characterised by the claim of an act of cyber malevolence.”

 

 

 

“In view of the facts observed, the issues of sovereignty of Naval Group and the need to protect the data of our clients, a complaint has been filed to shed light on these acts of maliciousness.

 

“In accordance with our cybersecurity procedures, we have immediately launched investigative techniques, relying on a team of experts in cybersecurity and on the CERT Naval Group, in close collaboration with the services of the State,” Naval Group said.

 

The company stated that it is working around the clock to verify Neferpitou’s claims and assess the authenticity of the leaked data. However, its preliminary investigation found no evidence of an “intrusion into our computer systems,” and “no impact on our operations has been detected.”