Russia-linked cybercrime gang Killnet claims to have stolen employee data from Lockheed Martin. It is the second cyberattack Killnet has claimed against the US defence contractor, whose equipment is being used by the Ukraine army, but Lockheed Martin has said it is confident of its cybersecurity defences.
Earlier today, Killnet posted a slide show to its Telegram channel that appears to show the email addresses and phone numbers of hundreds of Lockheed Martin employees.
“Until yesterday, they said all Lockheed Martin employees’ data is safe,” the group said.
It is the second unconfirmed attack that Killnet has claimed against Lockheed Martin. Yesterday, it posted what it claimed was a list of secure systems that it had disrupted, including an internal messaging systems and a Nasa smart card security system.
“Good morning Lockheed Martin organisation, all systems below RIP,” it wrote.
A spokesperson for Lockheed Martin has told Tech Monitor that the company is aware of Killnet’s claims but insists it has “policies and procedures in place to mitigate cyber threats in our business”.
Although the data posted today appears genuine, “that does not necessarily confirm that the company was breached,” says Louise Ferrett, threat intelligence analyst at Searchlight Security. “For example, this could be a re-hash of old or open source data in an attempt to undermine the organisation and intimidate its employees.”
Killnet targets Lockheed Martin
Killnet has been threatening to target Lockheed Martin for the past month, with posts to its Telegram channel inciting “all hacker groups to create an escalation in the production cycles of Lockheed Martin around the world,” and accusing the company of being a “terrorist organisation”.
Lockheed Martin is the manufacturer of HIMARS, a rocket launcher that has been provided to Ukraine by the US. “We open up a new type of attack and the possibility of influencing huge corporations for the production of weapons,” Killnet says on its channel.
The group has also claimed responsibility for a string of DDoS attacks against Baltic states and other Ukraine allies. Starting at the end of July, Lithuania’s National Cyber Security Centre (NKSC) warned of ongoing and intense DDoS attacks against the country’s National Data Transfer Network, as well as other governmental institutions and Lithuanian organisations.
Earlier today, Killnet claimed to have attacked the Latvian government, posting to its Telegram channel at 10:42 BST “Latvia, we are Killnet we officially recognise you as a pile of shit!”
Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit NSMG.live.