Dark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M

Summary

A dark web marketplace called Threat Market is advertising 375 terabytes of data allegedly stolen from Lockheed Martin, claiming it was provided by a group calling itself 'APT Iran.' The listing was posted on March 29, 2026, with an exclusive buyout price of approximately $600 million. However, Lockheed Martin has not confirmed the breach, and no sample data has been verified by independent security researchers.

Full text

Data Breaches Dark Web SecurityDark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’ byWaqasMarch 30, 20262 minute read Hackers are claiming to have stolen a trove of data belonging to Lockheed Martin, the world’s largest defense contractor and an American aerospace company. They are now selling it on the dark web. The situation began on March 26, 2026, when a Telegram account linked to a dark web marketplace known as Threat Market, which posts in both Russian and English, claimed it had been approached by a group described as “APT IRAN.” According to the post, the group requested infrastructure support to sell what was described as 375 terabytes of data allegedly taken from Lockheed Martin. The message further stated that direct access to the platform’s administrative panel had been granted to the APT IRAN group to facilitate the sale. It also referenced the use of cryptocurrency mixers to handle proceeds, a method often used to make payments harder to trace. Three days later, on March 29, the same Telegram account announced that the entire 375TB of data was officially listed for sale. The listing advertised a “complete dump” with a stated value of roughly $374 million ($374,821,400) and an exclusive buyout price close to $600 million ($598,500,000). Messages in Russian and English language posted by Threat Market administrators (Image credit: Hackread.com) Screenshots from the marketplace analysed by Hackread.com show categorized data segments, including references to internal projects, source code, and personnel-related information. The structure and presentation resemble typical dark web data sale pages, though authenticity remains unconfirmed. It is worth noting that large breach claims involving hundreds of terabytes are not unusual on the dark web markets, where exaggerated figures are frequently used to attract buyers or media attention. However, a buyout price of $600 million is something never seen before. Screenshot from the Threat Market dark web site selling the alleged Lockheed Martin data (Image credit: Hackread.com) Lockheed Martin Related Claims From Another Group Around the same time, on March 26, 2026, a group calling itself Handala Hack Team, described as Iran-linked and recently in the news for breaching the personal Gmail account of Kash Patel, the FBI Director, and targeting Stryker Corporation, published a separate message referencing Lockheed Martin employees. This was different from the Threat Market claim; this post focused on personal data of a limited number of individuals, specifically engineers allegedly connected to defense projects. The group claimed it had accessed detailed personal information and had contacted some of the individuals directly. It also issued threats and a 48-hour ultimatum tied to geopolitical demands. There’s no clear link between this activity and the alleged 375TB data. The timing may just be coincidental, and the two claims seem to involve different kinds of data. However, this isn’t the first time a group has claimed access to Lockheed Martin employee data. In August 2022, the pro-Russia hacker group Killnet said it had obtained personal information, including employee email addresses and phone numbers. At this point, the situation remains unclear. There is no public confirmation from Lockheed Martin regarding any breach of this nature, and no sample data has been verified by trusted security researchers. Hackread.com has reached out to the company for comment. Waqas I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. View Posts APT IRANCyber AttackCyber CrimeCybersecuritydark webIranLockheed MartinRussiaThreat Market Leave a Reply Cancel reply View Comments (0) Related Posts Read More Piracy & Intellectual Property Security Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how "Anna’s Archive" bypassed security, and why experts warn against downloading the leaked files. byDeeba Ahmed Malware Security Ongoing ‘FreakOut’ malware attack turns Linux devices into IRC botnet According to Checkpoint, the "FreakOut" malware attack is exploiting "newest vulnerabilities." Here's a full list of its capabilities. bySudais Asif Read More Malware Security Stealing From Wallets to Browsers: Bandit Stealer Hits Windows Devices Watch out for the Bandit Stealer malware that is being distributed through phishing emails. byDeeba Ahmed Read More Security Cyber Crime New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying. byDeeba Ahmed

Indicators of Compromise

• malware — APT Iran
• malware — Handala Hack Team
• malware — Killnet