Iran-nexus threat actors have placed what they claim is a large trove of data from defense contractor Lockheed Martin for sale on the underground market.
The placement comes more than a week after the alleged hack and more than a month after the U.S. and Israel launched a coordinated bombing campaign against Iran, mainly from aircraft and naval ships.
A threat group tracked as APT Iran claims to be offering a cache of exfiltrated Lockheed Martin data for more than $598 million, according to researchers at Flashpoint. The hackers claim the data includes blueprints for the F-35 fighter jet and Pentagon contracts.
A state-linked group tracked as Handala or Handala Hack has allegedly doxxed Lockheed Martin engineers via SMS and threatened them to leave Israel within 48 hours, according to Flashpoint.
The Department of War “does not comment on the status of our networks and systems,” as a matter of policy, an official told Cybersecurity Dive.
Handala is the group that claimed credit for the cyberattack against medical technology giant Stryker and the breach of FBI Director Kash Patel’s personal email. Just prior to the Patel hack, the Department of Justice announced the disruption of domains linked to Handala and other Iran-linked actors.
The FBI confirmed to Cybersecurity Dive that Patel’s email was targeted by Iran-linked hackers and said it has taken all necessary steps to mitigate potential risks from the attack. The FBI said the data was “historical” in nature and contained no government information.
The FBI said a $10 million reward is being offered through the State Department for information leading to the identification of Handala hackers.
Security researchers, analysts and government officials have long been concerned about the threat of asymmetric threat activity from Iran, due in part to a long history of targeting Israeli and U.S. critical infrastructure and intimidating political dissidents through cyber operations.
However, they caution that Iran has a history of mixing legitimate activity with diversionary tactics and disinformation in order to confuse adversaries.
“Iranian actors routinely exaggerate the impact of their intrusions,” Ari Ben Am, an adjunct fellow at the Foundation for Defense of Democracies, told Cybersecurity Dive.
They’ve been known to add information from prior hacks into their claims and also incorporate social media information into a claim under the pretext the information was actually hacked, Ben Am said. In other cases, they have made up claims. Ben Am cautioned that the Lockheed claims could include all three aspects.
A spokesperson for Lockheed Martin earlier this month told Cybersecurity Dive the company was aware of the claims and said it was confident in its defense capabilities.
Still, security researchers and other analysts note that Iran has a proven record of hunting political opponents, stealing data and targeting critical infrastructure providers, including drinking water and wastewater providers in the U.S.
Cynthia Kaiser, senior vice president at Halcyon and a former deputy assistant director at the FBI, said the recent claims related to Lockheed Martin include screenshots and other evidence that raises questions about how much of the claimed data is legitimate.
“Interestingly, APT Iran is attempting to sell one set of data for an enormous amount of money, demonstrating how these groups mix financial gain and their political goals,” Kaiser said. “We continue to anticipate Iran and its proxies will increase their targeting of U.S. organizations in the weeks ahead.”
Editor’s note: Updates with reaction from the Department of War.