Critical Infrastructure at Risk: INC Ransom Claims 1 TB Data Theft from NAFFCO
The NAFFCO company—renowned for large-scale fire-safety projects throughout the Middle East—has found itself at the center of intense discussion following a dark-web post alleging a massive data breach. The incident has drawn widespread attention due to the company’s size, its role in safeguarding strategic facilities, and the scope of the information that cybercriminals claim to have stolen.
According to the attackers, the INC Ransom group published a statement on its darknet portal asserting that it had exfiltrated one terabyte of NAFFCO’s internal data. Headquartered in Dubai, NAFFCO designs and supplies fire-protection systems, equipment, alarm technologies, and engineering solutions for major infrastructure projects.
Among NAFFCO’s customers are government agencies, civil defense units, and emergency-response services. The company has contributed to fire-safety systems for some of the region’s most iconic structures, including the Burj Khalifa, the Louvre Abu Dhabi, and the Oman Convention and Exhibition Centre. In the energy sector, it collaborates with major clients such as ADNOC, ADCO, and ZADCO.
The INC Ransom post appeared on 17 November, accompanied by taunting remarks aimed at the company—a familiar pressure tactic designed to push victims into negotiations by threatening to leak stolen material.
The attackers also uploaded dozens of images as alleged samples of the exfiltrated data. These included internal documents, employee directories with roles and contact details, project records, lists of annual contracts, and files containing personal information on staff, such as copies of identification cards and visas.
Such material significantly increases risks for employees and partners alike—from identity theft to social-engineering attempts. Reputational damage is also likely, as the attackers now claim to hold insight into NAFFCO’s internal operations and business relationships.
INC Ransom has been active since July 2023 and has claimed responsibility for hundreds of attacks. Its operations rely on a blended strategy: in addition to disrupting infrastructure, the group steals confidential documents and threatens to release them unless a ransom is paid.
Past victims have included hospitals, educational institutions, government bodies, manufacturing firms, and technology organizations. Publicly listed cases have featured Stark AeroSpace, the city of Leicester, an NHS division in Scotland, Xerox, media network CNN Indonesia, and retail giant Ahold Delhaize, among others. In several incidents, the group extracted hundreds of gigabytes of data, including materials belonging to municipal administrations and companies in the apparel and sporting-goods industries.
With this latest breach, INC Ransom continues to reinforce its reputation as one of the most aggressive ransomware operations. The NAFFCO incident starkly illustrates the vulnerability of even those organizations tasked with protecting the critical infrastructure of an entire region.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
