Hackers announced that they have compromised the Naval Group, a major French defence company that constructed India’s Scorpene-class submarines. They claim to have accessed 1 terabyte of sensitive internal information, such as source code for submarine weapon systems. The company has dismissed the finding of any compromise but has instituted an inquiry.
Approximately 30 gigabytes of purported Naval Group information are currently circulating online. France’s government is supporting the investigation. This is set against a global backdrop of heightened cyberattacks on defence companies and intensifying competition in the naval arms industry.
Breach May Reveal Sensitive Weapon System
The hackers say they have in their possession the source code of submarine weapon systems now. This encompasses information that could show how access controls, algorithms, and authentication mechanisms function.
In the event of this being true, the leak would enable malicious players to take advantage of vulnerabilities in future operations. Experts caution that the leak would enable malicious forces to reverse-engineer the code or even insert new vulnerabilities into future software upgrades.
Naval Group Denies Breach, Launches Investigation
Naval Group denied any breach of its systems in a public statement. It acknowledged that the incident was “a reputational attack” and that it would investigate the allegations in depth. “
All available teams and means are mobilised to examine and validate the authenticity, origin and ownership of the data as rapidly as possible,” it stated. No impact on the company’s current operations has been reported. No ransom demand, the company added, was made to it.
India Among Impacted Nations
India’s six Kalvari-class submarines, which are based on the Naval Group’s Scorpene-class design, were constructed under a significant strategic partnership. Other buyers include Malaysia, Indonesia, and Chile. This is not the first time that the Naval Group has been involved in such a breach.
Hackers gained access to 22,000 pages containing the “complete secret combat capability” of India’s Scorpene submarines in 2016, according to The Australian. That previous breach had raised severe concern among the Indian defence establishment.
Cyber Psy-Ops in a Troubled Naval World
This recent attack seems to be more than just data theft. By exposing partial data and threatening to possess more, the hackers might be seeking a strategic psychological attack.
The aim could be to undermine the Naval Group’s international standing at a time when France and its allies are vying in the expanding submarine export business. It further invites scrutiny on global efforts to secure defence supply chains, particularly in the face of rising geopolitical rivalries in the Indo-Pacific and other regions.
What’s next?
The Naval Group is presented with the twin task of authenticating the hacker assertion and safeguarding its global reputation. Countries such as India, in turn, need to closely watch for any implications on their respective naval defence systems and current contracts.
While cyber warfare spreads to the military-industrial sector, defence companies can now be confronted with not only espionage, but reputation war.
