NATO investigates alleged data theft by SiegedSec hackers


NATO has confirmed that its IT team is investigating claims about an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal by a hacking group known as SiegedSec.

The COI Cooperation Portal (dnbl.ncia.nato.int) is the military alliance’s unclassified information-sharing and collaboration environment, dedicated to supporting NATO organizations and member nations.

Yesterday, the hacking group ‘SiegedSec’ posted on Telegram what they claimed to be hundreds of documents stolen from the COI Cooperation Portal.

SiegedSec post on Telegram
SiegedSec post on Telegram

Cybersecurity company CloudSEK analyzed the leaked data and found that it comprises 845MB of files, 8,000 rows of user-related sensitive information, unclassified documents, and user account access details.

The details found in the leaked data include:

  • Full name
  • Company/Unit
  • Working group
  • Job Title
  • Business Email ID
  • Residence address
  • Photo

CloudSEK’s analysis indicates that the data leak, if confirmed, impacts 31 nations that are members of the NATO alliance.

In response to a request to comment on the authenticity of the leaked data, a NATO official told BleepingComputer that they are investigating the claims.

“NATO cyber experts are actively looking into the recent claims associated with a Communities of Interest Cooperation Portal,” a NATO spokesperson told BleepingComputer.

“We face malicious cyber activity on a daily basis and NATO and Allies are responding to this reality, including by strengthening our ability to detect, prevent and respond to such activities.”

SiegedSec, who at the start of the year claimed a breach on the software company Atlassian, and leaked thousands of employee records, email addresses, phone numbers, names, and more, does not appear to be financially motivated.

Instead, the threat actors are more like hacktivists, who appear to be more interested in leaking stolen data and taking advantage of the generated chaos to make a statement, or as they say, simply for fun.

Referring to the alleged COI portal hack, SiegedSec says the attack is in protest to NATO member countries’ attacks on human rights.

“We’d like to emphasize this attack on NATO has nothing to do with the war between Russia and Ukraine, this is a retaliation against the countries of NATO for their attacks on human rights (- Also, its fun to leak documents ^w&^),” SiegedSec wrote to their Telegram channel.



Source link