A ransomware group calling itself ShadowVault says it has breached a major U.S. defense contractor and encrypted parts of its systems. The claim surfaced on the group’s leak site, where it posted screenshots it says show stolen files from the company.

Reuters reported the allegation on Saturday, but the publication did not independently verify whether the attackers actually gained access to the contractor’s network or whether the files displayed were authentic. That distinction is important in ransomware cases, where criminal groups often exaggerate or stage evidence to pressure victims into paying.

If confirmed, the incident would add to growing concerns about cyber risks facing defense suppliers, which hold sensitive information and support critical national security work. Companies in the sector remain frequent targets because a successful intrusion can expose proprietary data, disrupt operations, and create broader security implications.

The contractor has not publicly detailed the extent of any impact, and investigators typically need time to determine whether the breach claim is credible. For now, the case remains an allegation, not a confirmed compromise.