Red Hot Cyber


Criminal hackers claim responsibility for attack on Naval Group. 72 hours to pay the ransom.

Redazione RHC : 25 July 2025 10:08

France’s largest defense shipbuilder, Naval Group, is facing a potentially serious cybersecurity incident following claims by threat actors that they have compromised critical internal systems, including those related to French naval operations.

The hackers posted the alleged breach on a well-known forum specializing in data leaks, claiming to have accessed sensitive material such as the source code of the combat management systems (CMS) used in French submarines and frigates. The attackers are not aiming to sell the stolen data, but to extort money from the defense contractor by threatening to disclose confidential information if their demands are not met.

Naval Group, headquartered in Paris and with over 15,000 employees, is a major supplier of military-grade naval solutions throughout Europe. With annual revenues exceeding $5 billion (€4.3 billion), the company is jointly owned by the French government and defense electronics giant Thales Group.

Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity awareness purposes only. Red Hot Cyber condemns any unauthorized access, improper dissemination, or misuse of such data. At this time, it is not possible to independently verify the authenticity of the information reported, as the organization involved has not yet released an official statement on its website. Therefore, this article should be considered for informational and intelligence purposes only.

Below is the Italian translation of the post from the underground forum.

The full leak contains:

- Classified top-secret CMS for submarines and frigates available with source code + user guide for infrastructure implementation (a large server is required to run the entire CMS)
- Network data by submarine and frigate
- DCN/DCNS/Naval Group technical documents with different types of classification, "Restricted Distribution," "Special France," etc. The documents start from 2006, but mainly from 2019 to 2024.
- Developer VMs with several naval simulators inside
- Confidential exchanges intercepted via their internal HCL Notes messaging service

Naval Group has 72 hours to contact me.

After this deadline, I will leak everything for free

What the hackers claim to have stolen from Naval Group

According to the post shared by the cybercriminals, the following assets were accessed during the breach:

  • Source code powering the CMS for submarines and frigates
  • Internal network topology and related network data
  • Technical documents labeled with different sensitivity levels
  • Developer virtual machine environments
  • Confidential internal communications

The attackers also included a 13 GB data sample as evidence in their post. Among the leaked files there are multimedia resources, including videos.

National Security Implications

The prospect that foreign actors or criminal groups could gain access to the software that governs combat systems aboard operational naval vessels is extremely alarming. If confirmed, the disclosure of the CMS (Combat Management System) source code and confidential documentation would not only compromise the technological integrity of Naval Group, but would also force the French Ministry of the Armed Forces to undertake costly corrective measures, including security audits, system upgrades, and thorough reviews.

Although the true extent of the damage and the scope of the breach have not yet been verified, it is known that attackers motivated by extortion tend to overstate the value and impact of the stolen information in order to increase the psychological and financial pressure on victims. It remains to be seen whether this is one of those cases.

Founded in the 17th century and formerly known as DCN (Direction des Constructions Navales), Naval Group has always played a central role in France’s maritime defense strategy. The company built, among other things, France’s only nuclear-powered aircraft carrier, the Charles de Gaulle, a testament to its strategic importance to the country’s defense capabilities.

A compromise of Naval Group’s digital infrastructure would not only expose sensitive operational data, but would also highlight the growing vulnerability of high-profile military contractors in Europe. The outcome of this potential breach, if confirmed, could have significant and lasting consequences for French national security and its cybersecurity industrial strategy.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
