US aerospace and defence manufacturer breached, hackers claim

ADC Aerospace, a US-based engineering component maker for the defence and aerospace sectors, was listed on the Play ransomware cartel’s dark web blog. Attackers claim they accessed client documents.
The attackers’ dark web post is likely a warning shot for the company to take note that attackers have their data. It is a common tactic utilized by ransomware cartels to pressure organizations into paying the ransom.
According to attackers, they have accessed client documents, budget and financial information, payroll records, identification documents, as well as private and personal confidential data. However, attackers did not include any data sample, making it impossible to check if their claims have a basis.
Ransomware cartels operate by slowly threatening organisations with client data exposure, hoping the victim would rather pay the ransom than disrupt relations with its clients. Snippets of data often appear after victims refuse to pay or stall negotiations.
We have reached out to the company for comment and will update the article once we receive a reply.
If confirmed, the data breach could cause serious trouble for ADC Aerospace. For one, attackers can sell stolen details on the dark web, where interest in American defense sector contractors is always peaking.
Meanwhile, payroll data, which undoubtedly has a trove of personal information, can be exploited for identity theft. Other personal details could be exploited for social engineering attacks. These can be extremely effective when attackers impersonate targeted industry players.
Security risks are even higher in ADC Aerospace’s case as the company supplies industry titans like Northrop Grumman, Collins Aerospace, Philips, Honeywell, and many other well-established companies.
Who is the Play ransomware cartel?
Play ransomware is a major player in the cybercrime underworld, elbowing its way into the top three of the most active ransomware cartels last year.
In early August, the ransomware cartel claimed Jamco Aerospace, a commercial and military aircraft industrial parts supplier for the US Navy, Boeing, and Northrop Grumman.
In 2023, Play was behind the attack on the Palo Alto County Sheriff's office in Iowa and the Donald W. Wyatt maximum security detention center in Rhode Island.
Other high-profile Play victims include the cloud computing company Rackspace, German hotel chain H-Hotels, and BMW France.
According to an Adlumin profile, Play is thought to be one of the first ransomware groups to use intermittent encryption, in which only certain fixed segments of a system are encrypted.
The method allows for faster access and exfiltration of a victim's data, and it seems other notorious groups have since adopted the tactic, including ALPHV/BlackCat, DarkBit, and BianLian.