According to National Defense Corporation (NDC), AMTEC is a manufacturer of lethal and non-lethal ammunition, explosives, and cartridges for military and law enforcement use. They write, “Globally, AMTEC is the largest volume producer of 40mm Grenade Ammunition and Fuzing. Their capabilities include precision assembly, explosive load, assemble and pack, metal forming and plating, and primary explosive manufacturing.”
NDC is a fully owned subsidiary of National Presto Industries, Inc., and is headquartered in Janesville, Wisconsin.
On its darkweb leak site (DLS), InterLock claims to have hacked them and exfiltrated 4,200 GB of files consisting of 2,900,205 files and 449,989 folders. Some screenshots were provided as proof of claims.
On March 29, DataBreaches emailed NDC to ask whether they would confirm whether or not they had been the victim of an attack and extortion/ransom demand, and if so, what had they done in response to it. No reply has been received.
At the same time, DataBreaches also emailed InterLock, who declined to state how they gained access but did respond to other queries from this site. In response to a question as to whether NDC had ever detected them or kicked them out, InterLock’s spokesperson responded, “No, the people responsible for monitoring in the company were not doing their job.”
The company allegedly did respond to InterLock, however, and engaged in some negotiations that InterLock characterized as unsuccessful. InterLock provided DataBreaches with a quote, allegedly from one of NDC’s messages:
To be clear, secrecy was never an option as we are required to make certain disclosures in the event of a cyber incident. Those disclosures have already been made directly to U.S. government agencies as well as the public. The incident is now in the public domain. Additionally, the nature of our business does not support the belief that the stolen information holds significant third-party value. We manufacture low-tech commodities, many of which were originally designed in the 1930s—nearly a century ago—with some more recent designs dating back to the 1960s. You are dealing with a small company, and the circumstances here are typical of businesses our size. The percentage of revenue applicable to incidents like this generally falls between 0.02% and 0.04%, which is consistent with the insurance coverage we maintain. As we noted in our message on Monday, we are not in crisis mode – operations have returned to normal.
Although NDC’s chat messages describes disclosures, DataBreaches could find no disclosure on its website or on AMTEC’s website. However, the parent corporation, National Presto Industries, filed a report with the Securities and Exchange Commission on March 6 that stated:
Item 1.05 Material Cybersecurity Incident.
On March 1, 2025, the Registrant experienced a system outage caused by a cybersecurity incident. Upon discovery, the Registrant activated its incident response team, comprised of internal personnel and external cybersecurity experts retained to assist in addressing the incident.
The Registrant is actively conducting a forensic analysis to determine the nature, scope and impact of the incident. At this time, no conclusive evidence has been identified, but the investigation remains ongoing.
In coordination with legal counsel, the Registrant has notified relevant law enforcement about the matter, and has or will notify relevant federal and state regulatory bodies and agencies, and applicable consumer protection agencies, in accordance with applicable laws.
The incident has temporarily impacted the Registrant’s operations, including shipping and receiving, some manufacturing processes, and various other back office functions, much of which are in the process of being restored. The Registrant has implemented temporary measures to maintain critical functions while systems are being restored.
While the full scope of the impact is not yet known, the incident could have the potential to have a material impact on the Registrant’s financial condition and results of operations. The Registrant is continuing its forensic investigation and analysis to assess the potential impact.
According to InterLock’s spokesperson, “all AMTEC, Tech Ord, and PRESTO systems were fully encrypted” in the attack.