Ransomware group claims major breach at Dubai-based NAFFCO

• NAFFCO joins the growing list of high-value industrial and manufacturing sector targets hit by ransomware gangs in 2025

Dubai-based National Fire Fighting Manufacturing FZCO (NAFFCO), a leader in fire protection systems and equipment, has reportedly fallen victim to a significant cyberattack.

The INC Ransom group, a well-known cyber extortion collective, likely linked to Russia, emerged in July 2023 has claimed responsibility for the breach, listing NAFFCO on their dark web leak site on November 17.

In a statement posted online, the threat actors took aim at NAFFCO’s “Passion to Protect” slogan, jeering, “We do not know for certain how well they protect their clients, but they could not protect themselves.” The group alleges to have exfiltrated approximately 1TB of corporate data, including highly sensitive documentation.

Data compromised

INC Ransom provided screenshots, claiming to demonstrate their access to a trove of confidential materials. According to the group, the stolen data set includes:

• Passport copies and employee identification documents
• Fiscal and financial records, including spreadsheets and budgets
• Internal emails and correspondence
• Human Resources records and personnel files
• Strategic development plans

The full extent of the breach is yet to be independently verified. However, NAFFCO, with annual revenues reportedly reaching $4.4 billion, joins the growing list of high-value industrial and manufacturing sector targets hit by ransomware gangs in 2025.

Ongoing threats to industrial sector

Security analysts have noted the accelerated targeting of industrial firms over the past year, with ransomware actors seeking not just direct financial gain, but also to exert pressure by threatening large-scale data leaks.

A spokesperson for NAFFCO has not yet commented on the incident. Cybersecurity experts recommend that all organisations in critical infrastructure and industrial manufacturing assess their security postures, as threat actors increasingly target operationally vital sectors.

This breach underscores the persistent challenges companies face in safeguarding digital assets, even as they strive to protect the lives and property of their customers around the world.