Key Findings

• A dark web marketplace called Threat Market is listing 375 terabytes of alleged Lockheed Martin data for $600 million, with an alternative $374 million price tag

• The data was allegedly provided by a group claiming to be "APT IRAN" starting March 26, 2026

• A separate Iran-linked group called Handala Hack Team claimed around the same time to have accessed personal data of Lockheed Martin engineers and employees

• No verification of the breach has been confirmed by Lockheed Martin or independent security researchers

• The $600 million asking price is unusually high for dark web data sales and raises questions about legitimacy

Background

Lockheed Martin, the world's largest defense contractor and a major American aerospace company, has become the target of what appears to be a coordinated cyber operation. The situation emerged in late March 2026 when multiple threat actors began making claims about accessing company data. The timing and nature of these claims suggest either a real breach affecting multiple data sets or coordinated disinformation efforts aimed at damaging the company's reputation or extracting payment.

The Threat Market Listing

On March 26, 2026, a Telegram account associated with Threat Market announced it had been approached by a group calling itself APT IRAN requesting help to sell stolen Lockheed Martin data. The marketplace administrators claimed they granted direct access to their administrative panel to facilitate the sale. Three days later, the full 375TB dataset was officially listed. Screenshots analyzed by Hackread.com showed categorized data segments including references to internal projects, source code, and personnel information structured similarly to typical dark web marketplace listings. The asking prices are substantial: approximately $374.8 million for a standard sale or $598.5 million for an exclusive buyout.

The Handala Hack Team Connection

Around the same time, the Iran-linked group Handala Hack Team made separate claims about accessing Lockheed Martin employee data. Unlike the Threat Market listing which claims massive volumes of technical data, Handala Hack Team focused on personal information belonging to a smaller number of engineers allegedly connected to defense projects. The group claimed direct contact with some individuals and issued threats tied to geopolitical demands. There is no confirmed connection between the two claims, though the timing raises questions about whether multiple groups are involved in separate operations or if this represents a coordinated campaign.

Verification Issues and Historical Context

Lockheed Martin has not publicly confirmed any breach, and no independent security researchers have verified the authenticity of the data being sold. Large breach claims involving hundreds of terabytes are common on dark web markets where exaggerated figures are frequently used to attract attention or inflate perceived value. However, a $600 million price tag is unprecedented and may itself indicate inflated claims. This is not the first time threat actors have claimed access to Lockheed Martin data. In August 2022, the pro-Russia hacker group Killnet claimed to have obtained employee email addresses and phone numbers. The current situation remains unconfirmed pending official company statements or independent analysis of sample data.

Sources

• https://hackread.com/dark-web-market-375tb-lockheed-martin-data/

• https://x.com/Dinosn/status/2038624320969232655

• https://www.tiktok.com/@cyber_warrior76/video/7623070870746959134

• https://www.linkedin.com/posts/cyber-news-live_dark-web-market-lists-alleged-375tb-lockheed-activity-7444450938028789761-bVme

• https://x.com/Cyber_O51NT/status/2038796869577441294