Hack Crew Responsible for Stolen Data, NATO Investigates Claims

SiegedSec, a hacktivist crew that targets government bodies, shared on their Telegram channel what they claim to be stolen NATO documents. 

NATO is now investigating these claims, which, if true, mean that the hackers broke into the military alliance’s information-sharing and collaboration IT hub and stole information belonging to 31 nations before leaking up to 845MB of data. The Telegram post that shared the information included screenshots of the files and a no-longer-working link for anyone to download the data. 

CloudSEK, a threat intelligence firm, says that after an analysis of the data that was dropped, SiegedSec leaked unclassified documents and around 8,000 personal records containing personal information such as names, working groups, job titles, email addresses, home addresses, and more. 

The hacktivist group says that the theft of this information is unrelated to the Russia-Ukraine war but is instead related to the countries affiliated with NATO and “their attacks on human rights.”

NATO officials answered no specific questions about the hack but released a public statement saying “NATO cyber experts are actively looking into the recent claims associated with its Communities of Interest Cooperation Portal. We face malicious cyber activity on a daily basis and NATO and its allies are responding to this reality, including by strengthening our ability to detect, prevent and respond to such activities. NATO’s classified networks are not affected and there is no impact on NATO operations. Investigation and mitigation activities are ongoing by our experts.”

It is still unclear as to how exactly the group gained access into these information-sharing and IT environments, but CloudSEK believes that it potentially could have been through the use of stolen credentials.