NATO and the Dark Web

Just what is for sale on the Dark Web?  According to a published report, the North Atlantic Treaty Organization (NATO) is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web.  The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.  Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache being sold by threat actors on hacker forums after what appears to be a ransomware attack.[1]

Contradicting the cyber actor’s claims in their ads, nothing up for sale is classified information, MBDA said. It added that the data was acquired from a compromised external hard drive, not the company's internal networks.  NATO, meanwhile, is "assessing claims relating to data allegedly stolen from MBDA," a NATO official reported.  "We have no indication that any NATO network has been compromised," the official said.

MBDA acknowledged in early August 2022 that it was "the subject of a blackmail attempt by a criminal group that falsely claims to have hacked the company's information networks" in a post on its website.  According to the post, the company refused to pay the ransom, and thus the data was leaked for sale online.

Threat actors are selling 80GB of stolen data on both Russian and English language forums with a price tag of 15 Bitcoins, which is about $297,279, according to a report from the BBC, which broke the news about the NATO investigation.  It has been reported that cybercriminals claim to have already sold data to at least one buyer.

According to the report, NATO is investigating one of the firm's suppliers as the possible source of the breach.  MBDA is a joint venture between three key shareholders: Airbus, BAE Systems, and Leonardo.  Though the company operates out of Europe, it has subsidiaries worldwide, including MBDA Missile Systems in the United States.  The company is working with authorities in Italy, where the breach occurred.  MBDA reported $3.5 billion in revenue last year and counted NATO, the US military, and the UK Ministry of Defense among its customers.

Hackers claimed in their ad for the leaked data to have "classified information about employees of companies that took part in the development of closed military projects," as well as "design documents, drawings, presentations, video and photo materials, contract agreements, and correspondence with other companies," according to the BBC.

Among the sample files in a 50-megabyte stash viewed by the BBC is a presentation appearing to provide blueprints of the Land Ceptor Common Anti-Air Modular Missile (CAMM), including the precise location of the electronic storage unit within it.  According to the report, one of these missiles was recently sent to Poland for use in the Ukraine conflict as part of the Sky Sabre system and is currently operational.

This might provide a clue about the motive of the threat actors; advanced persistent threats (APTs) aligned with Russia began hitting Ukraine with cyberattacks even before the official Russian invasion on 24 February 2022.  After the conflict on the ground began, threat actors continued to subject Ukraine to a cyber war to support the Russian military efforts.

The sample data viewed by the BBC also included documents labeled "NATO CONFIDENTIAL," "NATO RESTRICTED," and "Unclassified Controlled Information," according to the report.  At least one stolen folder contains detailed drawings of MBDA equipment.  The cybercriminals also sent email documents to the BBC, including two marked "NATO SECRET," according to the report.  The hackers did not confirm whether the material had come from a single source or more than one hacked source.

Nonetheless, MBDA insists that the verification processes that the company has executed so far "indicate that the data made available online are neither classified data nor sensitive."

This raises the question for all readers: “What data from your company is already for sale on the Dark Web?”  If you are interested in finding out, please contact us and ask about our RedPane service.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

 

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989   

 

[1] https://www.oodaloop.com/briefs/2022/08/30/nato-investigates-dark-web-leak-of-data-stolen-from-missile-vendor/
