Naval Group, a leading defense contractor majority-owned by the French government, has denied claims of a cyber-attack.
On July 23, a member of a dark web cybercrime forum using the moniker ‘Neferpitou’ claimed to possess 1TB of data after gaining access to the defense giant’s IT systems.
The compromised data allegedly included:
- A classified content management system (CMS) for submarines and frigates, including source code and deployment documentation
- Network data related to submarines and frigates
- Technical documents from DCN, DCNS, and Naval Group, with various classification levels such as "Restricted Distribution" and "Special France"
- Virtual machines used by developers, containing various simulators related to the French Navy
- Internal communications intercepted from the organization’s messaging system (HCL Notes)
According to the individual's statement, they provided a substantial data sample (approximately 13 GB) as proof of their claims.
They issued a 72-hour ultimatum for Naval Group to establish contact through Session, an encrypted messaging platform known for its anonymity and reportedly favored by cybercriminals. The full dataset would be publicly released at no cost if a response was not issued within the given timeframe.
Message posted by 'Neferpitou' on a dark web forum. Source: Falconfeeds.io
Complaint Filed to Shed Light on Malicious Acts
Speaking to Infosecurity, Naval Group confirmed that on July 23 that several of its services, including the group’s own Computer Emergency Response Team (CERT), began investigating the claims in collaboration with French government agencies.
On July 25, a new sample of the alleged stolen data was published, which reportedly included more components of a classified naval CMS (such as binaries, training materials and logs), detailed screenshots, performance test results and restricted documents related to its use on French frigates.
However, Naval Group told Infosecurity that no intrusion into the company’s IT environments had been detected and no impact on its operations had been reported.
“In an international, commercial and informational context marked by heightened tensions and an increase in destabilization attempts, Naval Group has observed that it is the target of a reputational attack, characterized by claims of cyber malfeasance,” a Naval Group spokesperson said to Infosecurity.
The company has filed a complaint with the Paris Public Prosecutor's Office to “shed light on these malicious acts,” the spokesperson added.
Older Claim of Naval Group Data Leak From NoName057(16)
A social media account allegedly linked to NoName057(16), a pro-Russian hacktivist group, claimed on X on July 7 that it had infiltrated Naval Group’s internal perimeter.
“We were able to obtain a lot of interesting data, which we have already handed over to the appropriate parties,” the post read.
There is currently no evidence to support these assertions and their legitimacy has not been established.
Between July 14 and 17, NoName057(16)’s attack infrastructure was disrupted and a major part of the group's central server infrastructure taken offline in an international operation dubbed Operation Eastwood, coordinated by Europol and Eurojust.
Naval Group is France’s largest shipbuilder, employing over 15,000 people with a yearly revenue exceeding €4.3bn ($5bn). The French State holds a majority stake in the company (62.25%), and Thales, a French multinational company specializing in aerospace, defense and security, owns 35%.
No tags.
