Safepay Ransomware Gang Targets U.S. DoD Contractor Hardwick Tactical
Published on September 1, 2025
- DoD contractor: The Hardwick Tactical DoD contractor was reportedly hit by a Safepay ransomware cyberattack.
- Threat actor claims: Contrary to general practice, Safepay did not offer leaked samples to back the claim.
- Details unknown: The scope of the alleged breach and the nature of the possibly exfiltrated data are yet unknown.
The Safepay ransomware has publicly claimed responsibility for compromising Hardwick Tactical, a critical component of the U.S. defense supply chain, which specializes in manufacturing protective and dress clothing for multiple branches of the U.S. military.
Defense Supply Chain Vulnerability Exposed
Hardwick Tactical operates as a specialized supplier within the defense industrial base, providing essential protective equipment and uniform components to military personnel across various service branches.
A potential Hardwick Tactical data breach would align with the persistent threat landscape facing organizations with direct contractual relationships to national security operations.
At the time of initial reporting, the Safepay ransomware operators have not released sample files or additional evidence to confirm the extent of their alleged system access.
This absence of proof-of-compromise materials leaves uncertainty regarding the scope of data exfiltration and the specific nature of potentially compromised information within the contractor's network infrastructure.
Escalating Ransomware Threats
The potential targeting of companies like Hardwick Tactical reflects the threat actors' understanding of defense supply chain dependencies and potential high-value targets within this sector.
Recently, the U.S. Department of Justice announced its intent to pursue government contractors “when they fail to follow required cybersecurity standards.”
In May, U.S. defense contractors Raytheon and Nightwing Group agreed to settle allegations that Raytheon did not have ample cybersecurity protections.
The Safepay Ransomware-as-a-Service (RaaS) group debuted in November 2024 and typically targets sectors such as education, technology, healthcare, transportation, and manufacturing. The latest SafePay claim was an attack on IT Leader Ingram Micro.
Critical Need for Enhanced Defense Sector Cybersecurity
Organizations operating within the defense industrial base require specialized security frameworks addressing both traditional IT infrastructure and operational technology systems.
Implementation of advanced threat detection capabilities, continuous monitoring protocols, and incident response procedures becomes essential for maintaining operational continuity and protecting sensitive defense-related assets from evolving cyber threats.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular