Pro-Iran hackers demand $400M for alleged Lockheed Martin data
A pro-Iran hacking group that has focused on critical infrastructure targets today demanded “about $400 million” from the United States — “the cost of building four F-35 fighters” — in ransom for what they claimed was a tranche of sensitive information swiped from an American aerospace and defense giant.
APT IRAN, which is closely linked to CyberAv3ngers and has previously focused on operational technology targets, detailed at the beginning of the war an attack aimed at manipulating agricultural sector control systems in an incident the Jordanian government said was intended to destroy a strategic wheat stockpile. The group also claimed to have breached Jordan’s Bank al Etihad as well as “the management systems of the solar project in the Aqaba Special Economic Zone.”
APT IRAN claimed Thursday that the group had breached Lockheed Martin and swiped 375 terabytes of sensitive information “including technical documentation from active military projects, confidential contracts, high-level personnel information and sensitive administrative emails.”
In a Telegram post, the group further described the allegedly stolen data as “technical drawings and source codes” and “architectural documents for future missile defense systems,” along with internal emails from research teams and other unnamed items. APT IRAN also posted its statement in Chinese and Russian. On Friday, they claimed that a data sample to reinforce their claim would be “coming soon.”
On Sunday, the group released an email purported to be from a senior official at the company, along with a video showing access to the alleged inbox.
“We are currently receiving numerous requests from China, Russia, and Arab countries to sell this information to them, and some of them are even willing to pay for sample data, which is great,” APT IRAN said in a Telegram post today. “The interesting thing is that Trump’s allies are looking to buy this information from us at a very high price.”
Lockheed Martin said it is aware of the claim and has “policies and procedures in place to mitigate cyber threats to our business.”
On Thursday, APT IRAN also claimed to have breached a water hydrant manufacturer in the United States, accompanying the claim with a screenshot that appeared to be an industrial control panel dated March 10. The building “was compromised by us and made inaccessible,” the group said, adding that “we also manipulated the values inside this device and left a souvenir.”
The Islamic Cyber Resistance in Iraq – 313 Team, which claimed last week that it had attacked Microsoft 365 servers and caused temporary disruptions, subsequently claimed on their Telegram channel to have attacked the Internet Archive, 4chan, Reddit and Tenor websites.
The group claimed on March 13 that it had attacked the donaldjtrump.com website, which as of today displays a static bumper-sticker-style image to visitors. “As we previously announced, the attack on the official website of US President Donald Trump continues with even greater force and intensity,” the group posted on Telegram on Thursday. “So far, the attack has lasted six days (over 144 continuous hours), and this massive assault has completely shut down the website. We announce that the attack will continue until further notice, and during this period, the website of the criminal Trump will remain completely offline.”
On Friday, 313 Team claimed to have disrupted Google Keep, and posted screenshots indicating service disruptions. “I believe we have disrupted the site sufficiently and sent a strong message through this shutdown,” the group said.