Russian defense contractor NPO Mars suffers major data breach allegedly exposing naval command systems

Russian military technology firm NPO Mars has reportedly suffered a significant data breach, with hackers claiming to have stolen 250GB of sensitive and likely defense-related files tied to naval command and control systems. The breach, first announced on a popular data leak forum, includes files dated as recently as March 2025, according to samples analyzed by the Cybernews research team.

The attackers, who remain unidentified, allege they accessed and extracted a trove of classified material from NPO Mars, a key supplier of automated combat systems to the Russian military. Among the compromised systems are SIGMA and DIEZ—both critical to naval coordination, anti-submarine operations, and minesweeper management. Videos posted by the attackers appear to show manipulation of naval data, including real-time information allegedly sourced from Russian fleet systems.

NPO Mars, designated a “Federal Research and Production Center,” specializes in combat information and control systems for Russian naval ships, armored vehicles, and other military units. The firm has operated since 1961 and currently employs more than 1,100 personnel. Following Russia’s 2022 invasion of Ukraine, it was sanctioned by the U.S., EU, Canada, Japan, and several other countries.

Cybernews investigators reviewed a sample of the stolen data, which includes a mix of documents, PDF scans, technical manuals, agreements, and certifications. While some scanned documents date back to 2017–2018, the bulk of the technical files were created or updated in 2024, with some files marked as recent as March 2025—suggesting ongoing operational relevance.

Among the systems reportedly exposed in the leak is SIGMA-20385, a naval command and control platform that handles maneuvering, missile coordination, communications, and anti-submarine defense. Another system, DIEZ, is designed for minesweeper coordination, and a third, TRASSA, supports missile and patrol ships. Footage released by the attackers appears to show simulated tampering with navigational data used by Russian naval officers, raising concerns about potential battlefield deception or system spoofing.

The authenticity of the full dataset remains unverified, and it is unclear how much of the claimed material was actually accessed. NPO Mars has not issued a public statement, and requests for comment remain unanswered as of publication.

Experts say that this breach highlights how cyberspace continues to be a critical front in modern warfare, with both state-sponsored groups and politically motivated hacktivists seeking to disrupt adversary command structures and leak strategic intelligence. “Such leaks can start from something as simple as a phishing campaign and escalate to the exposure of national defense systems,” Cybernews researchers warned.

While it remains uncertain how the attackers gained access to NPO Mars’ infrastructure, the leak adds to a growing list of cybersecurity incidents targeting Russian defense and infrastructure entities since the Ukraine conflict began. If verified, the breach could have strategic implications by revealing technical weaknesses and operational details of Russia’s naval capabilities.