Cyber Incident Victim: Fabricaciones Militares
Date:
Mar 2025
Location:
Argentina
Summary
Fabricaciones Militares suffered a ransomware attack carried out by the group MONTI, which encrypted systems and exfiltrated over 300 gigabytes of data, including plans for upgrading the TAM 2IP main battle tank and developing a CH‑14 helicopter. The stolen information has raised security concerns amid the company’s transition to a public limited entity and the government’s intention to privatize it, leaving more than a thousand workers uncertain about their futures after an auction of equipment and vehicles. MONTI claimed responsibility, criticized the firm’s insufficient cooperation on its dark‑web portal, and indicated negotiations are underway to recover the data. The incident follows a broader wave of cyberattacks on Argentine public sites and aligns with an Interpol warning about ransomware groups targeting defense contractors in neutral countries.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The cyberattack on Fabricaciones Militares was first reported by the specialist publications FalconFeeds.io and Cyber Press, which identified the incident as a ransomware attack carried out by the group known as MONTI. According to these sources, MONTI claimed responsibility for the attack and announced the theft of more than 300 gigabytes of data, including sensitive information such as plans for cutting‑edge weapons projects, the upgrade of the TAM 2IP main battle tank and the development of the CH‑14 helicopter. The attack occurred while the company was undergoing a dismantling process and facing the government’s intention to privatize it under President Javier Milei, and it followed a series of earlier hacks that targeted the “Mi Argentina” platform and around twenty official sites at the end of 2024, which had already exposed weaknesses in public‑administration cybersecurity. Official sources have remained silent about the breach, leaving the details of detection and initial containment to the specialist media reports.

The stolen data has raised significant concerns because Fabricaciones Militares is a key state‑owned enterprise for the Argentine defense industry and the parent entity of the Villa María Military Powder and Explosives Factory. More than a thousand workers face an uncertain future after the auction of equipment and vehicles linked to the company’s manufacturing operations, a situation exacerbated by the anticipated privatization that could see NATO‑ and United States‑associated firms take over ammunition and explosives production. The Interpol alert issued in 2024, which warned of increasing ransomware interest in defense contractors located in geopolitically neutral countries, was cited by the press as contextual evidence that the attack may have been planned and executed by a group with considerable experience and resources. MONTI’s dark‑web portal further mocked the company’s management for its “insufficient cooperation,” a comment that Cyber Press interpreted as an indication that negotiations are underway to attempt to recover the stolen information.

Response actions described in the available sources are limited to the public alarm raised by FalconFeeds.io and Cyber Press, the alleged negotiations suggested by MONTI’s dark‑web messaging, and the ongoing official silence from Argentine authorities. No further details about technical containment, eradication, or recovery efforts are provided in the article, and no mitigation advice or speculative conclusions are included. The narrative therefore remains confined to the confirmed sequence of the attack, the scope of the data theft, the identified impacts on the company and its workforce, and the limited response actions that have been reported.
