Cyber Security Threat Summary:
NATO has confirmed that its IT team is investigating claims about an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal by a hacking group known as SiegedSec. The COI Cooperation Portal (dnbl.ncia.nato.int) is the military alliance's unclassified information-sharing and collaboration environment, dedicated to supporting NATO organizations and member nations. Yesterday, the hacking group 'SiegedSec' posted on Telegram what they claimed to be hundreds of documents stolen from the COI Cooperation Portal.

According to cybersecurity firm CloudSEK which analyzed the allegedly leaked data, the data consists of 845MB of files pertaining to sensitive information, unclassified documents, and user account access details:

• Full name
• Company/Unit
• Working group
• Job Title
• Business Email ID
• Residence address
• Photo

NATO says it is currently conducting an investigation to determine the legitimacy of the attack. If confirmed true, 31 nations of the NATO alliance are at risk of having their data leaked to the public.

Security Officer Comments:
The development comes after the same threat actor claimed to breach Atlassian earlier this year, leaking thousands of employee records including email addresses, phone numbers, names, and much more. Taking a closer look at this group’s activities, SiegedSec seems to be motivated by social and political agendas rather than financial gain. According to a post made by the group on Telegram, the latest attack “has nothing to do with the war between Russia and Ukraine. Rather the actors claim it is an act of retaliation against the countries of NATO for their attacks on human rights.

Link(s):
https://www.bleepingcomputer.com/