Akira Group Attacks U.S. Defense Contractor

The Akira ransomware group carried out a significant cyberattack against a U.S. defense contractor, highlighting the growing risks to organizations involved in national security and defense. The attackers claimed to have stolen a substantial collection of sensitive data, including corporate records, contracts, nondisclosure agreements, and nearly 200 identification documents such as passports and driver’s licenses.
The incident was linked to the exploitation of a critical SonicWall SSL VPN vulnerability (CVE-2024-40766), which has been actively abused by Akira since late July. Once inside the network, the group employed its trademark double extortion strategy, combining data theft with ransomware encryption to pressure the victim into paying.
This breach did not occur in isolation. Security researchers observed an uptick in Akira activity globally, with multiple organizations reporting similar intrusions during the same period. The timing coincided with an overall 28% year over year rise in ransomware cases, totaling more than 500 attacks worldwide in July 2025. North America was the most affected region, underscoring the vulnerability of critical industries.
For defense contractors, the implications are especially serious. Such organizations handle highly sensitive information, and breaches of this nature raise concerns about intellectual property theft, supply chain risks, and potential exposure of defense related projects. The Akira incident serves as a reminder of the urgent need for proactive patch management, stronger VPN security, and layered cyber defenses against increasingly aggressive ransomware groups.