Pierluigi Paganini
May 13, 2025
Resecurity envisions the cascading effects on the defense supply chain due to ransomware activity. In the recent incident, by attacking a defense contractor, Interlock Ransomware uncovered details about the supply chains and operations of many other top defense contractors globally who use their products, including their end customers. The systems that companies use in the defense sector may also hold classified information. Such information will be of interest to foreign intelligence agencies, nation-state actors, and advanced espionage groups, especially during local conflicts and ongoing wars.
Numerous documents referencing top global defense corporations were found in the leaked dataset released by Interlock Ransomware, including but not limited to:
▪️Hanwha
▪️German Aerospace
▪️Leonardo
▪️PW Defence
▪️Raytheon
▪️Simmel Difesa
▪️SpaceX
▪️SE Corporation
▪️Thales
▪️Talley Defense
▪️QinetiQ
According to Resecurity, some ransomware groups have strong connections to state actors, using cyber-attacks as cover for espionage or strategic disruption attacks that can be used to:
The combination of high financial rewards, access to sensitive data, and potential for strategic impact makes defense contractors attractive targets for ransomware groups. Ransomware attacks on defense contractors and their supply chains have profound implications for national security, operational efficiency, financial stability, trust and brand reputation. According to experts, these attacks highlight the urgent need for robust cybersecurity measures and CMMC implementation, through continuous monitoring, and collaboration between the public and private sectors to mitigate risks and protect critical assets.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Interlock Ransomware)
