France’s Naval Group Faces Major Cybersecurity Challenge
France’s leading warship manufacturer, Naval Group, has launched an urgent investigation into a massive 1TB data breach after sensitive documents were allegedly leaked on a popular hacking forum. The company, which is majority-owned by the French government, has characterized the incident as a “reputational attack” rather than a confirmed intrusion.
The leaked data, shared by a threat actor using the alias Neferpitou, includes 13 GB of files allegedly containing classified combat management systems (CMS) for military vessels, technical documents, simulation environments, and internal communication archives. The hacker demanded communication within 72 hours to discuss an extortion deal—a threat followed by the release of the full dataset on DarkForums, a notorious cybercrime hub that surged in popularity after BreachForums’ takedown in April 2025.
Naval Group Responds with Legal and Technical Actions
In a public statement, Naval Group emphasized that no confirmed breach of its IT systems has been detected so far. “At this stage, no intrusion into our IT environments has been detected and there has been no impact on our activities,” the statement declared. The company has mobilized its internal CERT (Computer Emergency Response Team) alongside external cybersecurity experts to verify the authenticity and origin of the leaked data.
The French defense contractor also filed a formal complaint, aiming to safeguard its clients and minimize any potential fallout. French authorities are now collaborating closely with the company to assess the full scope of the alleged cyberattack.
DarkForums Emerges as a New Cybercrime Marketplace
The data dump was hosted on DarkForums, which has rapidly filled the void left by BreachForums, becoming the primary venue for cybercriminals on the clearweb. Analysts warn that such platforms are now enabling a new wave of cyber extortion, targeting not just private enterprises but state-owned defense infrastructure—a worrying escalation in the cybersecurity landscape.
Is This a Fresh Breach or a Recycled Leak?
Some cybersecurity researchers speculate the data might not be new. In 2022, Thales Group, a partial owner of Naval Group, was breached by the LockBit 3.0 ransomware gang. It remains unclear whether Neferpitou accessed Naval’s internal systems recently or is merely recycling data stolen in a previous breach.
Still, the sensitive nature of the leaked documents—allegedly including development environments and internal military specifications—has raised alarm bells. If verified, this could represent one of the most serious cybersecurity incidents involving a European defense contractor in recent memory.
Conclusion: European Cyber Defense on High Alert
While Naval Group insists there’s no evidence of system compromise, the potential impact of such a leak cannot be overstated. The incident serves as a stark reminder of the growing risks national defense organizations face in the digital age. As geopolitical tensions rise and cybercriminal tools grow more sophisticated, Europe’s digital sovereignty and defense readiness hang in the balance.
