Naval Group Refutes Data Breach Allegations Amid Suspected Reputation Attack

Naval Group, a major French defense contractor partially owned by the French government, has firmly denied allegations of a cyber intrusion, suggesting instead that it is the target of a deliberate campaign to damage its reputation.

On July 23, an individual operating under the alias ‘Neferpitou’ posted on a dark web cybercrime forum claiming to have exfiltrated 1 terabyte of sensitive data from Naval Group’s systems. The alleged breach reportedly includes confidential technical documents, source code for naval systems, internal communications, and virtual machines related to submarine and frigate operations.

The attacker also claimed to have accessed:

  • A classified CMS (Content Management System) containing source code and deployment details for submarines and frigates.
  • Internal communications from Naval Group’s messaging infrastructure (HCL Notes).
  • Network data and simulator environments used by developers.
  • Documents labeled “Restricted Distribution” and “Special France.”

A sample of 13 GB of the allegedly stolen data was shared to support the claims. The hacker issued a 72-hour ultimatum, demanding the company initiate contact through Session, an encrypted and anonymity-focused messaging app. If Naval Group failed to respond, the hacker threatened to release the entire dataset for free.

Message posted by ‘Neferpitou’ on a dark web forum. Source: Falconfeeds.io

In response, Naval Group confirmed it had initiated an internal investigation involving its Computer Emergency Response Team (CERT) and relevant French government agencies. A second leak on July 25 included additional CMS components, binaries, training materials, and restricted documentation.

Despite the claims, Naval Group reported that no unauthorized access to its infrastructure had been identified and that operations remain unaffected. The company categorically dismissed the breach and emphasized the broader context of geopolitical disinformation and cyber destabilization.

“In a tense global environment, Naval Group believes it is facing a reputational assault fueled by false cyber claims,” a spokesperson said. The company has filed a formal complaint with the Paris Public Prosecutor’s Office to initiate a legal investigation.

A Pattern of Claims

This isn’t the first time Naval Group has been targeted. Earlier this month, the pro-Russian hacktivist group NoName057(16) claimed to have accessed internal systems and obtained undisclosed data. However, these assertions remain unverified. Notably, Operation Eastwood, led by Europol and Eurojust, recently disrupted much of NoName057(16)’s infrastructure between July 14 and 17.

Naval Group, which employs over 15,000 people and reports annual revenues exceeding €4.3 billion, remains a key player in Europe’s defense and naval technology sectors. The French government holds a 62.25% stake, with Thales owning 35%.

Takeaway for Cybersecurity Stakeholders

This case underscores the growing use of cyber narratives and misinformation as weapons of influence, especially in the defense sector. It highlights the need for organizations to:

  • Maintain robust detection and incident response capabilities
  • Monitor dark web intelligence channels
  • Proactively communicate in the face of cyber-related PR threats
  • Collaborate closely with national cybersecurity agencies and legal authorities

Source: https://www.infosecurity-magazine.com/news/naval-group-denies-hack