SiegedSec Allegedly Breached NATO’s COI Portal, Affecting 31 Nations and Leaking Sensitive Data
Updated on: July 26, 2023
Published on: July 26, 2023
- SiegedSec claims to have exposed unclassified documents from NATO’s COI Cooperation Portal, which is NATO's unclassified information-sharing and collaboration environment.
- The leak consists of 845 MB of compressed data.
- The leaked information includes unclassified documents pertaining to the partnered countries and access to user accounts.
- Around 8K rows of user-related sensitive information are included.
Analysis and Attribution
Information from the Post
On 24 July 2023, CloudSEK’s contextual AI digital risk platform XVigil discovered a Telegram post where a highly reputed threat actor group disclosed the data breach of the COI (Communities of Interests) Cooperation Portal, NATO's unclassified information-sharing and collaboration environment. The portal supports NATO organizations, NATO Nations, and their mission partners' public administration.
Alleged Access to COI Cooperation Portal
According to NATO’s definition, unclassified information should only be used for official purposes, and not be released without authorization nor published online.
The actor mentioned in the post that the following information has been leaked:
- Documents marked NATO UNCLASSIFIED, managed and owned by NATO, pertaining to the partnered countries
- Access to user accounts
The claim highlights that approximately 31 nations have been impacted by this leak with around 845 MB of compressed data exposed.
According to the official website, the login process is vetted by the site owner.
With low confidence and no direct proof, we assess that the credentials for the compromised user account may have been sourced from stealer logs.
Motivation
According to the post, the group responsible for this action asserts that the leak is unrelated to the ongoing conflict between Russia and Ukraine.
Instead, it is portrayed as a form of retaliation targeting NATO countries that are perceived to be disregarding human rights issues.
Analysis of the Data
The data is fully available for download. It contains 8K records of user-related sensitive information such as:
- Full name
- Company/Unit
- Working group
- Job Title
- Business Email ID
- Residence address
- Photo
Our analysis suggests that there are at least 20 unclassified documents in the leak.
Threat Actor Activity and Rating
Threat Actor Profiling
Active since: April 2022
Reputation: High
Current Status: Active
History
The SiegedSec group has been targeting organizations worldwide since it became active. The group has no ransomware history. Some victims are deliberately chosen; others are random. The group likes to make its leaks available for download and use them to promote chaos.