Lockheed Martin Data Allegedly Offered for $600 Million on Dark Web

TL;DR: A dark web marketplace lists 375 terabytes of purported Lockheed Martin data for $600 million, with Iran‑linked APT Iran claiming control after contacting the site on March 26. Lockheed Martin has not confirmed or denied the breach.

Threat Market, a known dark web forum, posted the advertisement offering the data set for purchase. The listing describes the contents as internal project files, employee records, and other proprietary material.

On March 26, APT Iran reached out to Threat Market and was granted administrative control over the sale. The group claims responsibility for the data theft, though independent verification of the alleged 375 terabytes remains absent. Lockheed Martin has issued no statement confirming or denying a breach.

If authentic, the exposure could reveal sensitive defense program details and personal information of thousands of staff. The price tag far exceeds typical dark web listings, suggesting either an elaborate hoax or a high‑value target.

What Defenders Should Do - Monitor dark web mentions of company names and data sets for early warning. - Enforce multi‑factor authentication and review privileged account activity. - Deploy detection rules for MITRE ATT&CK technique T1078 (Valid Accounts) and T1041 (Exfiltration Over Command‑and‑Control Channel). - Ensure recent patches for known VPN and remote access vulnerabilities are applied (e.g., CVE‑2023‑22515, CVE‑2022‑22965). - Conduct regular tabletop exercises that simulate data‑leak extortion scenarios.

Watch for Lockheed Martin’s official response and any law‑enforcement takedown notices related to Threat Market.