NATO investigating breach, leak of internal documents | CyberScoop<\/title> <meta name=\"description\" content=\"A politically motivated hacking group known as SiegedSec claims to have breached NATO systems and leaked a cache of documents online.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/nato-siegedsec-breac\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"NATO investigating breach, leak of internal documents\"> <meta property=\"og:description\" content=\"A politically motivated hacking group known as SiegedSec claims to have breached NATO systems and leaked a cache of documents online.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/nato-siegedsec-breac\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-10-03T18:47:23+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1281\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1695397585g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1693499496g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1695741454g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7af46db108fbc62fdcc9\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/77449\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=77449\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnato-siegedsec-breac%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnato-siegedsec-breac%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-77449 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/nato-siegedsec-breac\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.607269503546\">\n<div class=\"single-article__header-content\" readability=\"30.237885462555\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> A politically motivated hacking group known as SiegedSec claims to have breached NATO systems and leaked a cache of documents online. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-2.jpg?resize=1536,1025 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> Polish and Romanian soldiers stand next to military vehicles and a NATO flag on the sidelines of a press conference of the Polish and Lithuanian president following a joint visit of the NATO Multinational Division North East mobile command center near Szypliszki village on July 7, 2022. (Photo by WOJTEK RADWANSKI\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"35.489390276659\"><body readability=\"71.408314350797\"><\/p>\n<p>NATO is investigating claims by a politically motivated hacktivist group that it breached the defense alliance\u2019s computer systems, which, if confirmed, would mark the second time in the last three months that the group known as SiegedSec has broken into NATO systems. <\/p>\n<p>SiegedSec, a cybercrime group with a history of politically-motived attacks, claimed on its Telegram channel on Saturday that it had stolen roughly 3,000 NATO documents and posted six screenshots allegedly showing access to various NATO web pages. The group claimed the 3,000 stolen files total more than nine gigabytes of data. <\/p>\n<p>\u201cNATO cyber experts are actively addressing incidents affecting some unclassified NATO websites,\u201d a NATO official told CyberScoop Tuesday. \u201cAdditional cyber security measures have been put in place. There has been no impact on NATO missions, operations and military deployments.\u201d<\/p>\n<p>In July, SiegedSec <a href=\"https:\/\/cyberscoop.com\/nato-breach-of-unclassified-information-siegedsec\/\">posted a link<\/a> to roughly 700 files stolen from the NATO Community of Interest Cooperation Portal, an unclassified information sharing and collaboration site maintained by the international agency.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>At the time, NATO confirmed to CyberScoop that it was reviewing the matter. On Tuesday, the NATO official declined to comment on the status of that investigation. <\/p>\n<p>According to SiegedSec\u2019s message Saturday, files from the attack come from the Joint Advanced Distributed Learning platform, the NATO Lessons Learned Portal, the Logistics Network Portal, the Communities of Interest Cooperation Portal and the NATO Standardization Office. CyberScoop was not able to independently confirm the authenticity of the files but is reporting on SiegedSec\u2019s claim given its track record of purported attacks against NATO. <\/p>\n<p>Hacking groups supportive of the Russian government, such as Killnet, have in recent months posted files online claimed to have been stolen from NATO, which has taken on a key role in coordinating aid to Ukraine following Russia\u2019s invasion. But SiegedSec claims no affiliation with a state and has cited its attacks on Russian targets as evidence of its independence. <\/p>\n<p>In a message posted alongside its breach of NATO in July, SiegedSec said the attack had \u201cnothing to do with the war between Russia and Ukraine\u201d and said it was \u201ca retaliation against the countries of NATO for their attacks on human rights.\u201d<\/p>\n<p>SiegedSec emerged as a group on Telegram in April of 2022 and quickly began sharing data and files it claimed had been stolen from organizations around the world. In the summer of 2022, the group <a href=\"https:\/\/therecord.media\/kentucky-arkansas-say-abortion-ban-leaks-used-publicly-available-data\">claimed attacks on state websites<\/a> in Kentucky and Arkansas over those states\u2019 legislative efforts to limit access to abortion. In July, the <a href=\"https:\/\/cyberscoop.com\/siegedsec-hack-transition-bans-satellite-systems\/\">group claimed to have targeted<\/a> multiple satellite receivers and industrial control systems \u201cparticularly in states banning gender affirming care.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>After those attacks, a SiegedSec representative told CyberScoop that they consider themselves \u201cmore blackhat than hacktivists.\u201d Money \u201cis not our main goal,\u201d the person said. \u201cMost of the time we just want to have fun and destroy stuff.\u201d<\/p>\n<p>More recently the group has claimed connections with other cybercrime groups or channels that advertise financially-motivated extortion activity and has also promoted a channel selling what it says is access to compromised government email accounts and other platforms to enable fraudulent emergency data requests, <a href=\"https:\/\/cyberscoop.com\/twitter-emergency-disclosure-request-lalartu-aleksandr-sikerin-revil-ransomware-researcher-threats\/\">which can be used to obtain private information<\/a> on people from various social media platforms.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.2928571428571\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/nato-investigating-breach-leak-of-internal-documents-1.jpg?w=640&ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/nato-siegedsec-breac\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NATO investigating breach, leak of internal documents | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,1024,353,661,568],"tags":[286,1025,357,662,571],"class_list":["post-1820","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-europe","category-hacktivism","category-nato","category-siegedsec","tag-cybercrime","tag-europe","tag-hacktivism","tag-nato","tag-siegedsec"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/europe\/\" rel=\"category tag\">Europe<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hacktivism\/\" rel=\"category tag\">hacktivism<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nato\/\" rel=\"category tag\">NATO<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/siegedsec\/\" rel=\"category tag\">SiegedSec<\/a>","tag_info":"SiegedSec","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1820","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1820"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1820\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1820"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":1820,"date":"2023-10-03T18:47:23","date_gmt":"2023-10-03T18:47:23","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=77449"},"modified":"2023-10-03T18:47:23","modified_gmt":"2023-10-03T18:47:23","slug":"nato-investigating-breach-leak-of-internal-documents","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/10\/03\/nato-investigating-breach-leak-of-internal-documents\/","title":{"rendered":"NATO investigating breach, leak of internal documents"},"content":{"rendered":"