Cyber Incident Victim: North Atlantic Treaty Organization
Date:
Oct 2023
Location:
Belgium
Summary
A politically motivated hacking group known as SiegedSec breached unclassified NATO websites, leaking a trove of non-public strategic documents. The stolen material included research and planning insights on topics such as hypersonic weapons, drone threats, and radioactive waste testing procedures. The alliance confirmed it was actively addressing the incidents affecting its unclassified portals and had implemented additional cybersecurity measures, stating there was no impact on its missions or military operations. This event represented the second time in a few months that the group had claimed responsibility for hacking the victim's systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 3, 2023, NATO acknowledged it was actively addressing incidents affecting its unclassified websites following claims by a hacking group that it had stolen numerous strategic planning and research documents. The politically motivated hacktivist group SiegedSec publicly claimed responsibility for the breach, leaking the documents on the social media platform Telegram. According to their statements, this marked the second time in three months that the group had successfully hacked unclassified NATO websites. The hackers specified they had breached the “lessons learned” online portal, among other sites, which is a system NATO uses to share strategic insights and research with military officials across the alliance. A trove of the purported NATO documents was posted online in the week leading up to the announcement, covering a range of topics including hypersonic weapons, threats from drones, and testing procedures for radioactive waste.
In its official statement, a NATO spokesperson confirmed that cyber experts were addressing the incidents and that additional cybersecurity measures had been implemented as a response. The alliance stated there had been no impact on its missions, operations, and military deployments as a result of the breach. The Daily Dot online news site was the first to report on NATO’s investigation into the hacking incident. The apparent cyber intrusions raised questions about NATO’s ability to protect the communication networks it uses to share unclassified but non-public insights into emerging technologies and security threats among its members. SiegedSec is a group known for a series of hacks against US state and local government websites over the preceding 18 months, though their specific motivation for targeting NATO was not immediately clear from their public announcements. The incident served as a reminder of the persistent digital threats facing Western governments and alliances, particularly in the context of intelligence sharing during Russia’s war in Ukraine.