Naval Undersea Warfare Center Newport Company CyberSecurity Posture
http://www.navsea.navy.mil/Home/Warfare-Centers/NUWC-Newport/
Mission: The Naval Undersea Warfare Center Division Newport provides research, development, test and evaluation, engineering, analysis, and assessment, and fleet support capabilities for submarines, autonomous underwater systems, and offensive and defensive undersea weapon systems, and stewards existing and emerging technologies in support of undersea warfare. Executes other responsibilities as assigned by the commander, Naval Undersea Warfare Center. Vision: Undersea Superiority: today and tomorrow
Company Details
naval-undersea-warfare-center-newport
2,865
26,963
92811
http://www.navsea.navy.mil/Home/Warfare-Centers/NUWC-Newport/
0
NAV_1456457
In-progress
NUWCN Risk Score (AI oriented)Between 750 and 799
NUWCN Global Score (TPRM)XXXX
Description: In January 2018, the **Naval Undersea Warfare Centre (NUWC)** in Newport, Rhode Island, suffered a severe **malware-driven data breach** orchestrated by Chinese state-sponsored hackers under the **Winnti Umbrella** campaign. The attackers exploited a **contractor’s system** to infiltrate NUWC’s network, exfiltrating **614GB of highly sensitive data**, including classified details of **Project Sea Dragon**—a critical undersea warfare initiative. The breach was part of a **decade-long espionage operation** targeting U.S. military and political entities, aiming to compromise national security assets. The stolen data likely included **proprietary defense technologies, operational plans, and intelligence**, posing a direct threat to U.S. naval capabilities. The incident underscored vulnerabilities in **supply chain security**, as third-party contractors became the entry point for advanced persistent threats (APTs). The breach’s scale and the nature of the compromised data suggest **long-term strategic consequences**, including potential advancements in adversarial military technology and compromised U.S. defense secrecy.
No incidents recorded for Naval Undersea Warfare Center Newport in 2025.
No incidents recorded for Naval Undersea Warfare Center Newport in 2025.
No incidents recorded for Naval Undersea Warfare Center Newport in 2025.
NUWCN cyber incidents detection timeline including parent company and subsidiaries
Mission: The Naval Undersea Warfare Center Division Newport provides research, development, test and evaluation, engineering, analysis, and assessment, and fleet support capabilities for submarines, autonomous underwater systems, and offensive and defensive undersea weapon systems, and stewards existing and emerging technologies in support of undersea warfare. Executes other responsibilities as assigned by the commander, Naval Undersea Warfare Center. Vision: Undersea Superiority: today and tomorrow
The mission of the U.S. Coast Guard is to protect the public, the environment, and U.S. economic interests — along the coast and our coastal borders, in the nation's ports and waterways, in international waters, or in any maritime region as required to support national security. As one of the six b
This is the Official LinkedIn Page of Marine Corps Recruiting. We make Marines. We win our nation's battles. We develop quality citizens. These are the promises the Marine Corps makes to our nation and to our Marines. The core values that guide us, and the leadership skills that enable us, not on
MISSION Throughout all 50 states and around the world, the Navy Reserve force delivers real-world capabilities and expertise to support the Navy mission — building a more lethal, warfighting culture focused on great power competition. VISION The Navy Reserve provides essential naval warfighting cap
Air Force Space Command, activated Sept. 1, 1982, is a major command with headquarters at Peterson Air Force Base, Colo. AFSPC provides military focused space and cyberspace capabilities with a global perspective to the joint warfighting team. People More than 40,000 professionals assigned to 13
U.S. Army Corps of Engineers Mission: Provide vital public engineering services in peace and war to strengthen our Nation’s security, energize the economy, and reduce risks from disasters. Privacy Policy/Social Media Guidelines: https://www.usace.army.mil/SocialMedia/ U.S. Army Corps of Engineers
The Air Force Reserve is an integral component of our Nation's air defense and military support network. Reservists bring knowledge, skills and expertise from their civilian experiences to support critical missions and training around the globe, while working alongside their Active Duty Air Force me
Welcome to the official U.S. Army LinkedIn page. The U.S. Army’s mission is to fight and win our Nation’s wars by providing prompt, sustained land dominance across the full range of military operations and spectrum of conflict in support of combatant commanders. If you're looking for news about t
The United States Marine Corps (USMC) is a branch of the United States Armed Forces responsible for providing power projection, using the mobility of the United States Navy, by Congressional mandate, to deliver rapidly, combined-arms task forces on land, at sea, and in the air. The U.S. Marine Corps
A career in the Canadian Armed Forces is more than a way to make a living. It’s a passport to a whole-life experience that will change you and allow you to change the lives of others. Join an organization that offers more than 100 different trades and professions. Obtain world-class qualification
.png)
The Naval Undersea Warfare Center's Mastery of the Seas at All Depths 2035 strategic vision aims to drive the command's adoption of...
NEWPORT, R.I. – Naval Undersea Warfare Center (NUWC) Division Newport Technical Director unveiled the command's 10-year strategic vision and...
Naval Undersea Warfare Center (NUWC) Division Newport Technical Director Marie Bussiere Unveiled The Command'S 10-Year Strategic…
The Naval Undersea Warfare Center (NUWC) Division Newport will hold an in-person recruiting event for science, technology, engineering and other career...
NEWPORT, R.I. — Melanie Smith is a candidate for a doctorate degree in oceanography at Syracuse University in New York, and in the coming...
NEWPORT, R.I. – When he first enrolled at Rhode Island College, Josh Hammond had visions of becoming a math teacher and took accounting...
The Naval Undersea Warfare Center (NUWC) Division Newport welcomed U.S. Rep. Gabe Amo (D-R.I.) on Oct. 22 for his first visit to the warfare...
NEWPORT -- The Naval Undersea Warfare Center (NUWC) Division Newport will host an on-site hiring fair for science, technology, engineering,...
MIDDLETOWN – At the turn of the 21st century, Aquidneck Island businessman Joe Marino, then 50, was contemplating retirement after his...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Naval Undersea Warfare Center Newport is http://www.navsea.navy.mil/Home/Warfare-Centers/NUWC-Newport/.
According to Rankiteo, Naval Undersea Warfare Center Newport’s AI-generated cybersecurity score is 758, reflecting their Fair security posture.
According to Rankiteo, Naval Undersea Warfare Center Newport currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Naval Undersea Warfare Center Newport is not certified under SOC 2 Type 1.
According to Rankiteo, Naval Undersea Warfare Center Newport does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Naval Undersea Warfare Center Newport is not listed as GDPR compliant.
According to Rankiteo, Naval Undersea Warfare Center Newport does not currently maintain PCI DSS compliance.
According to Rankiteo, Naval Undersea Warfare Center Newport is not compliant with HIPAA regulations.
According to Rankiteo,Naval Undersea Warfare Center Newport is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Naval Undersea Warfare Center Newport operates primarily in the Armed Forces industry.
Naval Undersea Warfare Center Newport employs approximately 2,865 people worldwide.
Naval Undersea Warfare Center Newport presently has no subsidiaries across any sectors.
Naval Undersea Warfare Center Newport’s official LinkedIn profile has approximately 26,963 followers.
Naval Undersea Warfare Center Newport is classified under the NAICS code 92811, which corresponds to National Security.
No, Naval Undersea Warfare Center Newport does not have a profile on Crunchbase.
Yes, Naval Undersea Warfare Center Newport maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/naval-undersea-warfare-center-newport.
As of November 27, 2025, Rankiteo reports that Naval Undersea Warfare Center Newport has experienced 1 cybersecurity incidents.
Naval Undersea Warfare Center Newport has an estimated 779 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
Title: Malware Attack and Data Breach at Naval Undersea Warfare Centre (2018)
Description: In January 2018, the Naval Undersea Warfare Centre in Newport, Rhode Island, was hit by a malware attack resulting in a data breach. Hackers targeted a contractor working for the center, stealing 614GB of highly sensitive data, including information about **Project Sea Dragon**. The incident is believed to be part of a decade-long Chinese state-sponsored hacking campaign nicknamed **'Winnti Umbrella'**, targeting political and defense entities.
Date Detected: 2018-01
Type: malware attack
Attack Vector: supply chain attack (via contractor)malware
Threat Actor: Chinese state-sponsored actorsWinnti Umbrella (APT group)
Motivation: cyber espionageintellectual property theftmilitary intelligence gathering
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through compromised contractor.
Data Compromised: 614GB
Brand Reputation Impact: potential damage to U.S. defense credibilityexposure of classified military projects
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Classified Military Project Data, Project Sea Dragon Details and .
Entity Name: Naval Undersea Warfare Centre (NUWC)
Entity Type: government/military research facility
Industry: defense
Location: Newport, Rhode Island, USA
Entity Name: Unnamed contractor (targeted as entry point)
Entity Type: third-party vendor
Industry: defense contracting
Type of Data Compromised: Classified military project data, Project sea dragon details
Sensitivity of Data: high (top-secret/confidential military intelligence)
Data Exfiltration: True
Regulations Violated: potential violations of U.S. defense secrecy laws (e.g., ITAR, EAR), classified information handling protocols,
Source: U.S. Department of Justice (DOJ) indictments related to Winnti Umbrella
Source: Cybersecurity reports on Chinese APT groups (e.g., FireEye, CrowdStrike)
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: U.S. Department of Justice (DOJ) indictments related to Winnti Umbrella, and Source: Cybersecurity reports on Chinese APT groups (e.g., FireEye, CrowdStrike).
Entry Point: compromised contractor
High Value Targets: Project Sea Dragon, Military R&D Data,
Data Sold on Dark Web: Project Sea Dragon, Military R&D Data,
Root Causes: Third-Party Vendor Security Weaknesses, Supply Chain Vulnerability,
Last Attacking Group: The attacking group in the last incident was an Chinese state-sponsored actorsWinnti Umbrella (APT group).
Most Recent Incident Detected: The most recent incident detected was on 2018-01.
Most Significant Data Compromised: The most significant data compromised in an incident was 614GB.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was 614GB.
Most Recent Source: The most recent source of information about an incident are Cybersecurity reports on Chinese APT groups (e.g., FireEye, CrowdStrike) and U.S. Department of Justice (DOJ) indictments related to Winnti Umbrella.
Most Recent Entry Point: The most recent entry point used by an initial access broker was an compromised contractor.
.png)
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid