DCNS

In 2011, DCNS (a French submarine manufacturer) suffered a major cyber attack in India, orchestrated by an overseas actor targeting economic warfare. The breach resulted in the theft of **22,400 highly sensitive files**, including classified documents detailing the **stealth capabilities, magnetic, electromagnetic, and infrared signatures** of the **Scorpène-class submarines**. The stolen data exposed critical operational parameters—such as submarine speeds, noise levels, mast-raising speeds, and other proprietary technical specifications—effectively compromising the vessel’s tactical advantages.The leak had severe geopolitical and commercial repercussions, particularly for DCNS’s **A$50 billion ($38 billion) Barracuda-class submarine contract in Australia**, where competitors and foreign adversaries could exploit the exposed vulnerabilities. The incident eroded trust in DCNS’s cybersecurity measures, risking the company’s reputation, contractual negotiations, and long-term defense partnerships. The stolen intelligence also posed a direct threat to **national security**, as adversarial nations could counter or replicate the submarine’s capabilities, undermining its strategic value in naval warfare.

Source: https://www.israeldefense.co.il/en/content/secret-data-indias-submarines-leaked

TPRM report: https://www.rankiteo.com/company/naval-group

"id": "nav817092125",
"linkid": "naval-group",
"type": "Cyber Attack",
"date": "6/2011",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"

{'affected_entities': [{'customers_affected': ['Indian Navy (Scorpène-class '
                                               'submarines)',
                                               'Australian Department of '
                                               'Defence (potential Barracuda '
                                               'contract)'],
                        'industry': ['defense',
                                     'shipbuilding',
                                     'submarine manufacturing'],
                        'location': ['France', 'India (incident context)'],
                        'name': 'DCNS (now Naval Group)',
                        'type': 'defense contractor'}],
 'attack_vector': ['network intrusion', 'targeted hacking'],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['technical documents',
                                        'design specifications',
                                        'operational manuals'],
                 'number_of_records_exposed': '22,400 files',
                 'sensitivity_of_data': 'top secret (military/defense)',
                 'type_of_data_compromised': ['military secrets',
                                              'submarine technical '
                                              'specifications',
                                              'stealth capabilities',
                                              'electromagnetic data',
                                              'infrared data',
                                              'operational manuals']},
 'date_publicly_disclosed': '2016',
 'description': 'In 2011, the French submarine company DCNS (now Naval Group) '
                'was targeted by a hacking attack in India, attributed to an '
                'overseas actor conducting economic warfare. The breach '
                'resulted in the theft of 22,400 files, including highly '
                'sensitive documents detailing the stealth capabilities, '
                'magnetic, electromagnetic, and infrared data of the '
                'Scorpène-class submarines. The leaked data exposed critical '
                'operational details such as submarine speeds, noise levels, '
                'mast operation speeds, and other classified specifications. '
                'The incident raised concerns about the security of DCNS’s '
                'A$50 billion ($38 billion) Barracuda next-generation '
                'submarine project in Australia, where the company was in '
                'exclusive contract negotiations.',
 'impact': {'brand_reputation_impact': ["loss of trust in DCNS/Naval Group's "
                                        'cybersecurity',
                                        'potential contract risks'],
            'data_compromised': ['22,400 files',
                                 'Scorpène-class submarine specifications '
                                 '(stealth, magnetic, electromagnetic, '
                                 'infrared data)',
                                 'operational details (speeds, noise levels, '
                                 'mast operation)'],
            'operational_impact': ['compromised submarine project security',
                                   'doubt cast on A$50 billion Barracuda '
                                   'contract in Australia']},
 'initial_access_broker': {'high_value_targets': ['Scorpène-class submarine '
                                                  'data',
                                                  'Barracuda project '
                                                  'intelligence']},
 'motivation': ['economic warfare',
                'competitive intelligence',
                'military espionage'],
 'ransomware': {'data_exfiltration': True},
 'references': [{'source': 'The Australian (2016)',
                 'url': 'https://www.theaustralian.com.au/nation/defence/leaked-dcns-documents-reveal-secrets-of-indias-scorpene-submarines/news-story/5e2a3e3e8b1b2f6e1d4c8e7a9f3b2d1e'},
                {'source': 'BBC News',
                 'url': 'https://www.bbc.com/news/world-asia-37193094'}],
 'threat_actor': ['overseas actor', 'state-sponsored (suspected)'],
 'title': 'DCNS (Naval Group) Cyber Espionage Incident (2011)',
 'type': ['cyber espionage', 'data breach', 'economic warfare']}