NATO is currently conducting an investigation into data theft from its unclassified websites, with hacker group SiegedSec claiming to have stolen 9 GB of data.
NATO is presently investigating allegations of data theft from unclassified websites under its jurisdiction. The hacking collective SiegedSec, which gained notoriety for its involvement in several recent cyberattacks targeting U.S. municipalities in the past year, has claimed to have successfully exfiltrated 9 GB of data.
On Telegram, SiegedSec proudly announced that it had infiltrated various training and informational portals managed by NATO. They allegedly stole data from the following sources:
- Joint Advanced Distributed Learning
- NATO Lessons Learned Portal
- Logistics Network Portal
- Communities of Interest Cooperation Portal
- NATO Investment Division Portal
- NATO Standardization Office
The group shared a link to the stolen data, with the majority of the more than 3,000 documents originating from the NATO Standardization Office. NATO has not disclosed the timing of the breach or the extent of the information accessed.
The spokesperson assured that NATO has implemented additional cybersecurity measures, with no apparent impact on NATO missions, operations, or military deployments.
This incident marks NATO’s second encounter with SiegedSec hackers, following an attack in July that targeted the Communities of Interest Cooperation Portal. During that breach, personal data from individuals in at least 31 countries was reportedly compromised.
Previously, NATO had indicated that its cybersecurity experts were examining the situation but had not provided updates regarding the authenticity of the leaked information.
During the summer, SiegedSec gained attention by attacking various state-run websites in Nebraska, South Dakota, Texas, Pennsylvania, and South Carolina. They later claimed to have infiltrated government systems in Fort Worth, Texas, although officials determined that much of the information was already publicly accessible.
In a separate incident last year, SiegedSec purportedly hacked the governments of Arkansas and Kentucky following the Supreme Court decision to overturn Roe v. Wade. State officials confirmed that the group had simply downloaded publicly available record data in those cases.
Related story:
