Cyber Incident Victim: Lockheed Martin
Date:
Aug 2022
Location:
United States of America
Summary
A pro-Russian hacker group Killnet claimed responsibility for a DDoS attack against Lockheed Martin, alleging theft of employee data including names, email addresses, and phone numbers, which they displayed in a video. The defense contractor acknowledged awareness of reports but maintained confidence in its security measures, while independent analysis suggested the leaked data appeared legitimate but could potentially be repurposed from older sources, with the group’s actions likely motivated by retaliation for the company’s provision of military systems to Ukraine.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 1, 2022, the pro-Russian hacker group Killnet claimed responsibility for a distributed denial-of-service (DDoS) attack targeting Lockheed Martin, as reported by the Moscow Times and Newsweek. Killnet further alleged it had stolen employee data from the defense contractor and threatened to release it publicly. Lockheed Martin acknowledged awareness of the reports but did not confirm the attack’s occurrence, stating it had policies and procedures to mitigate cyber threats and expressed confidence in its multi-layered information systems and data security. The group’s motivation appeared linked to Lockheed Martin’s production of the High Mobility Artillery Rocket System (HIMARS), which the United States supplied to Ukraine for use against Russian forces. Killnet, active since March 2022, has a history of politically motivated DDoS attacks against nations and entities perceived as adversarial to Russia, including Lithuania, Italy, and Eurovision 2022, often citing retaliation for sanctions or support of Ukraine.
On August 11, 2022, Killnet escalated its claims by releasing a video on its Telegram channel purporting to show personally identifiable information (PII) of Lockheed Martin employees, including names, email addresses, phone numbers, and photographs. The group also uploaded two spreadsheets accompanied by a message urging recipients to contact Lockheed employees with images of weapon consequences, framing the company as “terrorists.” Threat intelligence analyst Louise Ferrett reviewed the video and noted the data appeared legitimate but emphasized it could not confirm a breach, suggesting it might be recycled from old or publicly available sources to intimidate employees or undermine the organization. Lockheed Martin did not publicly validate the authenticity of the leaked data or provide further details about the alleged incident. No technical evidence of data exfiltration or system compromise was disclosed, and the company’s operational impacts, if any, remained unverified. The incident primarily functioned as a propaganda effort by Killnet, leveraging unconfirmed claims to amplify psychological and reputational pressure amid geopolitical tensions tied to the Russia-Ukraine conflict.