SiegedSec, a hacktivist crew that targets government bodies, shared on its Telegram channel what members claim are stolen NATO documents with information belonging to 31 nations.
NATO is now investigating these claims, which if true means that the hackers would have had to break into a military alliance's information-sharing and collaboration IT hub, before leaking what amounts up to 845 MB of data. The Telegram post that shared the information included screenshots of the files and a no-longer-working link for anyone to download the data.
CloudSEK, a threat intelligence firm, said that after an analysis of the data that was dropped, SiegedSec appears to have leaked unclassified documents and around 8,000 personal records containing information such as names, working groups, job titles, email addresses, home addresses, and more.
The hacktivist group says that the theft of this information is unrelated to the Russia-Ukraine war but is instead related to the countries affiliated with NATO and "their attacks on human rights."
NATO officials answered no specific questions about the hack but released a public statement saying, "NATO cyber experts are actively looking into the recent claims associated with its Communities of Interest Cooperation Portal. We face malicious cyber activity on a daily basis and NATO and its allies are responding to this reality, including by strengthening our ability to detect, prevent and respond to such activities. NATO's classified networks are not affected and there is no impact on NATO operations. Investigation and mitigation activities are ongoing by our experts."
It is still unclear as to how exactly the group gained access into the information sharing and IT environments, but CloudSEK believes that it could potentially have been through the use of stolen credentials.