Suspected Russian-linked hacker group gains access to NATO-related Microsoft 365 environment


Emerging reports suggest that SiegedSec, a hacker group potentially affiliated with Russian actors, has managed to breach a Microsoft 365 environment. Based on available screenshots, it appears that the group has gained access to a SharePoint portal containing documents from the Steadfast Cobalt 2022 exercise. Of particular concern is the revelation that the hackers seem to have infiltrated an account associated with the NATO CIS Group (NCISG), the internal IT service provider.

Further details indicate that screenshots have been shared, displaying NATO Unclassified documents, including an NCISG staff order. It is unlikely that highly classified information is present within the 850 MB of stolen documents, as NATO regulations strictly prohibit such disclosure. NATO Unclassified data is defined as official information owned and managed by NATO, with a specific level of security marking. This type of information should only be used for official purposes and not released or published online without authorization.

The NATO UNCLASSIFIED designation is akin to copyright protection, signifying NATO’s intellectual property rights over information that does not meet the criteria for classification. Access to such information by non-NATO entities is permissible as long as it does not pose a threat to NATO’s interests.

While it does not appear that the information was intentionally made available to outsiders, the leaked data of 850 MB does contain sensitive details about networks, network diagrams, and extensive domain information. The data seems to originate from Allied Joint Forces Command in Brunssum. assesses that the damage on military strategic grounds appears limited with the data leaked by SiegedSec. However, the exposure of sensitive information and the potential unauthorized access to NATO-related accounts can tarnish the organization’s reputation. The leaked data may not pose significant risks in terms of classified military operations, but it could have implications for cybersecurity and diplomatic relations.

It remains crucial for organizations, including NATO, to remain vigilant and bolster their cybersecurity measures to prevent future incidents of unauthorized access and data breaches. The incident serves as a stark reminder of the ongoing threats posed by sophisticated hacker groups with potential state affiliations and highlights the importance of continuous efforts to secure digital environments and protect sensitive information.
