
A sophisticated ransomware campaign targeting National Defense Corporation (NDC) and its subsidiaries affected the defense supply chain, exposing sensitive data and raising alarm over possible state-sponsored involvement.
Tracked by threat intelligence firm Resecurity, the Interlock Ransomware group has taken credit for the breach, which impacted NDC’s subsidiary AMTEC Corporation—a key manufacturer of ammunition, explosives, and defense cartridges used by military and law enforcement worldwide.
Describing itself as “a relentless collective that exposes the recklessness of companies failing to protect their most critical assets: customer data and intellectual property,” Interlock uses its data leak site (DLS) to leak sensitive data, provide chat support for victims, and operate an extortion campaign using the email address interlock@2mail[.]co.
First appearing in September 2024, the group has previously targeted organizations in healthcare, government, and technology—but the AMTEC attack signals a shift toward high-value geopolitical targets.
The breach was confirmed in a March 6 SEC filing by NDC’s parent company, National Presto Industries, which reported “a system outage caused by a cybersecurity incident.” Subsequently, the Interlock group published stolen data on its dark web leak site, the “Worldwide Secrets Blog.”
The leaked documents reportedly contain detailed information about supply chain logistics, defense contracts, shipment schedules, and contacts linked to numerous global defense corporations, including:
- Raytheon
- Thales
- Leonardo
- SpaceX
- Hanwha
- QinetiQ
- Simmel Difesa
- Talley Defense
- SE Corporation
- German Aerospace
- PW Defence
“Numerous documents referencing top global defense corporations were found in the leaked dataset,” according to Resecurity.
While Interlock employs double extortion and big-game hunting tactics, the nature of this incident suggests a more targeted and politically charged operation, with the group possibly acting as a proxy for nation-state espionage.
“It is common for state and near-state actors to use cybercriminals as a method of geopolitical influence and as a tool for espionage,” the report warns.
Resecurity emphasizes that kinetic conflicts such as Russia-Ukraine and Israel-Hamas, along with other geopolitical flashpoints, are providing both cover and justification for politically motivated ransomware campaigns.
Beyond financial extortion, the Interlock breach raises serious national security implications:
- Leaked DoD contracts and logistics data may aid foreign adversaries in identifying U.S. military supply routes.
- Shipment schedules and commercial carrier data could be weaponized to intercept or sabotage arms deliveries.
- Exposure of defense production capacities can guide strategic attacks on supply bottlenecks.
“Some ransomware groups have connections to state actors, using attacks as cover for espionage or strategic disruption,” the report notes.