APT Iran Claims Data Breach on Lockheed Martin

UpGuard Team
March 24, 2026

Key facts: Lockheed Martin security incident

  • Date reported: March 23, 2026.
  • Unauthorized access identified: Unknown.
  • Target entity: Lockheed Martin.
  • Source of breach: APT Iran (pro-Iran hacktivist group).
  • Data types: Alleged 375 terabytes of data, including sensitive corporate documents and technical blueprints for the F-35 fighter jet.
  • Status: Unconfirmed; investigation is ongoing.
  • Severity: Medium; while the data is highly sensitive, the breach remains unverified by the vendor.

What happened in the Lockheed Martin security incident?

Lockheed Martin (lockheedmartin.com) is currently investigating claims of a significant security incident involving the pro-Iran hacktivist group APT Iran. The incident, first reported on March 23, 2026, involves allegations that the threat actor successfully exfiltrated 375 terabytes of data from the aerospace and defense leader. The group claims the stolen information includes sensitive corporate documents and technical blueprints for the F-35 fighter jet.

The severity is categorized as medium because the breach remains unconfirmed by the vendor. Lockheed Martin has acknowledged the reports and stated that it is confident in its "robust, multilayered" security protocols, though an investigation is ongoing. The threat actor is reportedly demanding $400 million to prevent the sale of the data to adversaries. While unverified, such incidents typically carry risks of intellectual property theft and potential long-term impacts on national defense supply chains.

Who is behind the incident?

APT Iran is a pro-Iran hacktivist group that has recently gained notoriety for targeting high-profile infrastructure and defense entities. While specific details regarding their long-term operational history are limited, the group has been previously linked to cyberattacks against Jordanian infrastructure. They primarily utilize Telegram to publicize their threats and demand substantial ransoms. Their methods appear to involve data exfiltration and extortion, focusing on high-value targets where the exposure of sensitive data could have geopolitical consequences. The group's recent focus on a major U.S. defense contractor suggests an evolution in their targeting capabilities and strategic objectives.

Impact and risks for Lockheed Martin customers

The potential impact of this alleged breach primarily affects Lockheed Martin’s corporate integrity and national security interests. If the claims are validated, the exposure of F-35 fighter jet blueprints could lead to significant intellectual property loss and the potential for adversaries to develop countermeasures. For employees or partners, there is a possibility that corporate credentials or internal communications could be compromised, leading to secondary phishing or social engineering attacks.

Incidents involving large-scale data exfiltration often result in prolonged investigations and heightened security scrutiny. To mitigate risks, stakeholders should monitor for unauthorized account activity and remain vigilant against targeted communication. Transparency from the organization remains critical in assessing the true scope of the threat and ensuring that all necessary defensive measures are implemented.

How to protect against similar security incidents

Following the alleged data breach at Lockheed Martin involving sensitive defense data, it is essential for related entities and partners to reinforce their security posture.

  • Implement phishing-resistant MFA. Enforce multi-factor authentication across all corporate and administrative accounts. Prioritize hardware security keys or FIDO2-compliant methods to prevent credential theft.
  • Enhance data exfiltration monitoring. Deploy advanced endpoint detection and response (EDR) tools to identify unusual data movement. Monitor for large-scale outbound traffic to unknown or unauthorized IP addresses.
  • Review supply chain security. Conduct thorough security audits of all third-party vendors and partners with access to sensitive data. Ensure that the principle of least privilege is strictly applied to all internal and external accounts.
  • Continuous attack surface management. Utilize continuous monitoring tools to identify and remediate vulnerabilities in real time. Maintain an up-to-date inventory of all internet-facing assets to reduce the risk of unauthorized access.

Proactive security measures and constant vigilance are necessary to protect against sophisticated state-sponsored or hacktivist threats.
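
One way to implement the outbound-traffic check from the exfiltration monitoring item above, as an added example that is not UpGuard's or Lockheed Martin's code. The flow-record format, the approved egress ranges, the internal range and the 5 GiB threshold are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions: approved egress ranges, internal range and per-window threshold.
APPROVED_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/28")]
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
THRESHOLD_BYTES = 5 * 1024**3  # 5 GiB per source/destination pair per window

# Constructed sample flow records: "timestamp src dst dst_port bytes_out"
SAMPLE_FLOWS = """\
2026-01-01T01:00:00Z 10.1.4.20 198.51.100.7 443 7000000000
2026-01-01T01:05:00Z 10.1.4.20 192.0.2.55 443 3000000000
2026-01-01T01:20:00Z 10.1.4.20 192.0.2.55 443 3500000000
2026-01-01T01:30:00Z 10.1.9.31 192.0.2.80 443 40000000
2026-01-01T01:40:00Z 10.1.4.20 10.2.0.5 445 9000000000
malformed line
"""

def is_approved(dst_ip):
    """True if the destination falls inside an approved egress range."""
    return any(dst_ip in net for net in APPROVED_NETS)

def find_exfil_candidates(flow_text, threshold=THRESHOLD_BYTES):
    """Sum outbound bytes per (src, dst) to unapproved external hosts and
    return (alerts, skipped): pairs at or above the threshold, largest first,
    plus the count of unparseable lines (a parsing gap is itself worth alerting on)."""
    totals = defaultdict(int)
    skipped = 0
    for line in flow_text.splitlines():
        try:
            _, src, dst, _, nbytes = line.split()
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            nbytes = int(nbytes)
        except ValueError:
            skipped += 1
            continue
        # Only internal -> external traffic is relevant to exfiltration.
        if src_ip not in INTERNAL_NET or dst_ip in INTERNAL_NET:
            continue
        if is_approved(dst_ip):
            continue
        totals[(src, dst)] += nbytes
    alerts = [(s, d, b) for (s, d), b in totals.items() if b >= threshold]
    alerts.sort(key=lambda a: a[2], reverse=True)
    return alerts, skipped

if __name__ == "__main__":
    for src, dst, total in find_exfil_candidates(SAMPLE_FLOWS)[0]:
        print(f"ALERT {src} -> {dst}: {total / 1024**3:.1f} GiB to unapproved destination")
```

Summing per source and destination over the window catches a transfer split across several flows, none of which crosses the threshold alone.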

Frequently asked questions

What happened in the Lockheed Martin security breach?

APT Iran claimed responsibility for an attack on Lockheed Martin (lockheedmartin.com) in March 2026. The incident was first reported on March 23, 2026.

When did the Lockheed Martin security incident occur?

The Lockheed Martin breach was publicly reported on March 23, 2026. APT Iran referenced the incident around that time, but the attack may have occurred earlier.

What data was exposed?

The types of data involved in the Lockheed Martin incident have not been confirmed by the company, though APT Iran claims to have stolen 375 terabytes of data, including F-35 blueprints. APT Iran has not provided verified evidence of specific data categories.

Is my personal information at risk?

If you interacted with Lockheed Martin, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

How can I protect myself after a data breach?

• Change your passwords immediately
• Enable multi-factor authentication (MFA)
• Monitor your financial and professional accounts for unusual activity
• Be wary of suspicious emails or phishing attempts
• Use data breach monitoring tools to stay informed

What steps should companies take after being breached?

Lockheed Martin is expected to secure its systems, notify affected parties if a breach is confirmed, provide guidance on protective actions, review its existing security measures, and deploy enhanced attack surface management.

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.

How secure is Lockheed Martin?

Lockheed Martin manufactures military aircraft, missiles, spacecraft, and defense systems for government and commercial customers. The company produces products including fighter jets, missile defense systems, satellites, and naval vessels across aerospace and defense sectors.