The hacktivist group SiegedSec claims to have compromised the COI Cooperation portal operated by the NATO Communications and Information Agency.
The NATO cyber attack has allegedly let the hackers gain access to 845 MB of data, including eight folders belonging to internal agencies.
NATO cyber attack
NATO confirmed that it was investigating claims of a cyber attack at the hands of the SiegedSec hacker group.
“NATO cyber experts are actively looking into the recent claims associated with its Communities of Interest Cooperation Portal,” a NATO official told The Cyber Express.
“We face malicious cyber activity on a daily basis, and NATO and its Allies are responding to this reality, including by strengthening our ability to detect, prevent and respond to such activities.”
The official further stated, “NATO’s classified networks are not affected and there is no impact on NATO operations. Investigation and mitigation activities are ongoing by our experts.”
The IT team of the intergovernmental military alliance is investigating the data theft from the Communities of Interest (COI) Cooperation portal.
The 845 MB database of sensitive information allegedly stolen in the NATO cyber attack affected the following NATO agencies:
- Approved Fielded Products List (AFPL)
- Federated Mission Networking (FMN)
- Joint Logistics Support Group (JLSG)
- NATO Communications and Information Systems Group (NCISG)
- NATO Electronic Warfare Advisory Committee (NEWAC)
- Science and Technology Organization (STO)
- STO22
- STO23
Folder with sensitive details accessed in NATO cyber attack
Most of the folders accessed by SiegedSec in the NATO cyber attack were marked Unclassified, and not to be released without authorization.
According to the group’s claim, one folder obtained in the cyber attack on the NATO agencies holds a text file with sensitive information. The text file included a contact list of officials with their email addresses and phone numbers.
The text file also listed the designations of different nationalities and e-meeting invites. SiegedSec also claimed to have accessed sensitive documents related to STO22 and STO23 in the attack.
The documents contained communication protocols and device configurations. They also listed several URLs under the subdomain dnbl.ncia.nato.int.
It is speculated that the SiegedSec hacker group might have used stealer logs to steal sensitive data including names and phone numbers.
Stealer logs are the collections of data harvested by information-stealing malware that hackers use to infect a targeted system. They enable attackers to access and exfiltrate sensitive information from systems.
NATO cyber attack for the sake of ‘human rights’
The hacktivist group mentioned on their Telegram channel that they did not target NATO due to the Russo-Ukrainian war.
The post read, “We’d like to emphasize this attack on NATO has nothing to do with the war between Russia and Ukraine, this is a retaliation against the countries of NATO for their attacks on human rights.”
According to the hackers, the NATO cyber attack was meant to get the message across to each NATO country.
The post started with casual statements asking about NATO and whether readers liked NATO. “And so, we present… a leak of hundreds of documents retrieved from NATO’s COI portal, intended only for NATO countries and partners,” the post about the NATO cyber attack read.
They concluded the message by saying that they will be back for more soon, suggesting that they will launch more cyber attacks against NATO and others they consider to be against human rights.
Young hackers posing a threat to global organizations
Statements like, “Also, it’s fun to leak documents,” throw light on the playfulness with which such grave cyber attacks are launched.
International organizations, military, government websites, intelligence websites and everything else are within reach of amateur hackers.
The members of the Lapsus$ hacker group who were caught were 17 and 18 years old, respectively. Upon psychiatric assessment, one was considered unfit for trial.
Hackers who are unfit to stand trial infiltrate websites that are secured with the most sophisticated security tools.