Franceās principal naval defence contractor, Naval Group, is investigating claims by cyber attackers that sensitive internal data relating to nuclear submarines and other naval assets has been stolen and leaked online.
The firm has acknowledged the incident but maintains there is no evidence of a breach within its internal systems.
The hacker group, operating under the alias “Neferpitou“, posted on a dark web forum on 23 July, claiming to have accessed and exfiltrated approximately 1 terabyte of internal Naval Group data. A 13GB sample was made publicly available, followed by successive warnings. On 26 July, a further 30GB of files was published, with the hacker stating that significantly more would follow.
The attackers allege that the data includes source code for combat management systems (CMS), weapon system software, developer virtual machines, internal communications, and technical documentation marked with varying levels of confidentiality. One video file, purporting to be from a submarineās monitoring interface, was timestamped 2003.
Naval Group, which employs over 15,000 personnel and posted annual revenues exceeding ā¬4.4 billion, is a state-majority-owned enterprise with key defence responsibilities, including the construction and support of Franceās Barracuda-class nuclear submarines, frigates, and the aircraft carrier Charles de Gaulle. The group also supplies naval platforms and systems to international partners including India, Brazil, and Egypt.
Timeline of the Incident
The hackerās initial post on 23 July provided a sample of the data and issued a 72-hour ultimatum for the company to respond. On 25 July, a follow-up post reduced the window to 24 hours. When no contact was made public, the hacker posted again on 26 July with the banner “!! ENJOY AND SEE YOU NEXT TIME !!”, sharing what is believed to be 30GB of data.
There has been no indication of financial demands, nor any attempt to auction or sell the files, which is uncommon in high-profile cyber extortion cases. The motive appears to be reputational damage, with the actor claiming access to “top-secret classified” information.
Naval Groupās Response
Naval Group issued a bilingual statement confirming awareness of the claims. It stated:
āNaval Group has noticed being the target of a reputational attack with the claim of a cyber-malice act. We immediately launched technical investigations. All teams and resources are currently mobilised to analyse and verify the authenticity, origin and ownership of the data as quickly as possible.ā
The company maintains that,
āAt this stage, no intrusion into our IT environments has been detected and there has been no impact on our activities.ā
Independent cybersecurity researchers, including teams from Cybernews and Bitdefender, have examined the leaked data. According to Cybernews, preliminary analysis suggests that the 13GB sample includes genuine internal documentation, including source code and project files. The research team noted that while some of the content is dated, other materials appear current and operationally relevant.
Security Context and Industry Impact
The alleged breach comes amid increased global concern over vulnerabilities in enterprise software used by government and defence contractors. In late July, Microsoft disclosed the active exploitation of a critical flaw in its SharePoint platform, catalogued as CVE-2025-53770. The vulnerability enables remote code execution and is believed to have been exploited by Chinese state-linked actors.
Among the organisations targeted in that campaign was the US National Nuclear Security Administration, though no sensitive data was reportedly compromised. While it remains unverified whether the Naval Group breach involved SharePoint infrastructure, cybersecurity experts note the hacker’s final messageā”Keep in mind, nothing is truly disconnected from Internetā¦”āmay imply such a vector.
The potential exposure of proprietary source code and technical documentation related to the CMS used in nuclear-capable vessels raises concerns beyond France. Foreign partners operating platforms built by Naval Group may now be evaluating their own systems for possible risk.
This is not the first time Naval Group has been connected to a cybersecurity event. In 2022, its part-owner Thales was targeted in a ransomware campaign attributed to the LockBit 3.0 group. Whether the current leak bears any relationship to that prior incident is under investigation.
Strategic Relevance
Naval Group traces its heritage to the 17th century, founded during the reign of Louis XIII. The firm has evolved into a core component of French strategic defence and industrial capability, particularly through its role in nuclear deterrence.
The French state holds approximately 62 per cent of Naval Group, with Thales Group owning most of the remainder. Its responsibilities include the construction and long-term support of the Suffren-class submarines, Franceās next-generation nuclear fleet.
Russian-Led Cybercrime Network Dismantled in International Operation
