Incident

Security researchers detect NATO data breach



A cybersecurity research team at CloudSEK reported a significant data breach impacting NATO's Communities of Interests (COI) Cooperation Portal. The breach was caused by the compromise of a user account on the COI portal.

The attackers are probably SiegedSec, a threat actor group known for carrying out politically motivated cyber attacks without demanding ransom.

The breach was initially detected on 24 July 2023 via a Telegram post made by SiegedSec, claiming responsibility for the successful compromise of NATO’s COI Cooperation Portal.

The compromised user account exposed unclassified documents and sensitive user-related information from approximately 31 nations. The breach exposed approximately 845 MB of compressed data, including unclassified documents belonging to NATO and its partner countries.

Within the leaked data were around 8,000 records of sensitive user information, such as

  • full names,
  • company/unit details,
  • working group affiliations,
  • job titles,
  • business email IDs,
  • residence addresses,
  • photos.

Since the login process on the COI Cooperation Portal is vetted by the site owner, it's suspected that the credential theft was performed off-platform, probably with keylogger tools or by scraping other leaked credentials.

Interestingly, SiegedSec claimed that the data breach is not linked to the ongoing Russia-Ukraine conflict. Instead, the group asserted that it was an act of retaliation against NATO countries perceived to be disregarding human rights issues.
