Cyber Incident Victim: HENSOLDT SAS

On or around October 31, 2022, the Snatch ransomware group publicly claimed responsibility for a cyberattack targeting HENSOLDT France, a company specializing in military and defense electronics. The attackers listed the French firm on their Tor-based leak site, a platform commonly used by ransomware operators to pressure victims by threatening data exposure. As evidence of the breach, Snatch published a 94 MB sample of allegedly stolen data. HENSOLDT France develops and provides critical electronic systems for aerospace, defense, energy, and transportation sectors, including mission management systems, advanced sensors, embedded systems, and secure communications solutions. The company’s products and services adhere to stringent military and aeronautical standards, with applications across air, naval, and land operations in domestic and international markets.

The Snatch ransomware, first identified in late 2019, employs distinctive tactics such as forcing infected systems to reboot into Safe Mode to circumvent security software. While the full scope of compromised systems at HENSOLDT France remains unspecified, the attackers’ publication of data samples indicates unauthorized access to internal information. No operational disruptions, financial demands, or containment measures were detailed in available reports. HENSOLDT France’s role in supplying cybersecurity solutions and technologies for hazardous environments underscores the potential sensitivity of accessed data, though specific data categories beyond the sample size were not disclosed. The incident highlights persistent targeting of defense-industrial entities by ransomware groups seeking to exploit critical infrastructure vulnerabilities.