Data Security, Breach

SiegedSec Hacktivists Claim to Have Stolen 3,000 NATO Files in Second Attack


The North Atlantic Treaty Organization (NATO) said politically motivated hacktivists claim to have stolen nine gigabytes of data amounting to some 3,000 files in a breach of the alliance’s network systems.

The SiegedSec crew, which has been involved in a number of hacks on municipalities in the last year, said on its Telegram channel that it has posted six screenshots showing access to some NATO web pages. It was its second NATO break-in since July when it rifled about 700 unclassified files from the NATO Community of Interest Cooperation Portal, Cyberscoop reported.

NATO said it was investigating the alleged breach in what appears to have been a minor incident involving unclassified documents.

“NATO cyber experts are actively addressing incidents affecting some unclassified NATO websites,” a NATO official told CyberScoop. “Additional cybersecurity measures have been put in place. There has been no impact on NATO missions, operations and military deployments.”

What SiegedSec Stole from NATO

According to a report in Recorded Future News, SiegedSec posted on Telegram that it had stolen data from NATO’s:

  • Joint Advanced Distributed Learning
  • NATO Lessons Learned Portal
  • Logistics Network Portal
  • Communities of of Interest Cooperation Portal
  • NATO Investment Division Portal
  • NATO Standardization Office

SiegedSec first emerged as a hacktivist group on Telegram in April 2022 and in the ensuing months began posting data online it claimed to have stolen, including two attacks on state websites in Kentucky and Arkansas, the Cyberscoop report said.

At the time, the group apparently objected to those states' rejection of abortion rights. In the July attack on NATO sharing portal, the hacktivists said they have targeted multiple satellite receivers and industrial control systems in states that pushed through legislation banning gender affirming rights, the report said.

Following the July incident, SiegedSec reportedly messaged the hit was in “retaliation against the countries of NATO for their attacks on human rights” and did not involve the war in Ukraine.

NATO told Recorded Future News after that incident that the alliance’s cyber experts were looking into the incident. The military alliance has not published any details about whether this latest hacking action was a legitimate breach.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.