Category: Adversary Intelligence
Industry: Government
Motivation: Reputation
Region: Multiple
Source*:
A: Reliable
2: Probably true
Executive Summary
- SiegedSec claims to have exposed unclassified documents for NATO’s COI Cooperation Portal which is NATO's unclassified information-sharing and collaboration environment.
- The leak consists of 845 MB of compressed data.
- The leaked information includes unclassified documents pertaining to the partnered countries and access to user accounts.
- Around 8K rows of user-related sensitive information.
Analysis and Attribution
Information from the Post
On 24 July 2023, CloudSEK’s contextual AI digital risk platform XVigil discovered a Telegram post where a highly reputed threat actor group disclosed the data breach of the COI (Communities of Interests) Cooperation Portal, NATO's unclassified information-sharing and collaboration environment. The portal supports NATO organizations, NATO Nations, and their mission partners' public administration.
According to NATO’s definition, unclassified information should only be used for official purposes, and not be released without authorization nor published online.
- The actor mentioned in the post that the following information has been leaked:
- Documents marked NATO UNCLASSIFIED is managed and owned by NATO pertaining to the partnered countries.
- Access to user accounts
- The claim highlights that approximately 31 nations have been impacted by this leak with around 845 MB of compressed data exposed.
- As per the official website, we identified the login process is vetted by the site owner.
- With low confidence and no direct proof, we assess that the credentials for the compromised user account may have likely been sourced from stealer logs.
Motivation
- According to the post, the group responsible for this action asserts that the leak is unrelated to the ongoing conflict between Russia and Ukraine.
- Instead, it is portrayed as a form of retaliation targeting NATO countries that are perceived to be disregarding human rights issues.
Analysis of the Data
The data is fully available for download. It contains 8K records of user-related sensitive information such as:
- Full name,
- Company/Unit
- Working group
- Job Title
- Business Email ID
- Residence address
- Photo
According to NATO’s definition, unclassified information should only be used for official purposes, and not be released without authorization nor published online. Our analysis suggests that there are at least 20 unclassified documents in the leak.
Threat Actor Activity and Rating
References
- *Intelligence source and information reliability - Wikipedia
- #Traffic Light Protocol - Wikipedia
- https://www.nato.int/cps/en/natohq/declassified_138449.htm
Appendix
