The North Atlantic Treaty Organization (NATO) is analyzing the impact of a data breach that led to a leak of classified military documents from the European missile manufacturing firm MBDA. The data included blueprints of the weapons used by NATO members in the Ukraine conflict.
After the alleged breach, the classified information was sold on hacking forums. The organization has stated that the information was hacked via a compromised external hard drive in Italy. The stolen data is allegedly being sold to parties obliging to pay the fees in bitcoin.
According to a BBC report, the hacker groups operating on Russian and English forums are selling 80GB of the stolen data for 15 Bitcoins (about $3,18,876). Moreover, the collective has claimed to have sold the information to at least one unnamed purchaser as of August 2022.
NATO’s report on the stolen data
The stolen data includes information about the MBDA’s employees and individuals who participated in developing the classified military projects. It also consists of designing documentation, videos, tutorials, photo material, research copies, and other companies’ contracts.
The media organisation was able to investigate a sample comprising 50MB of the stolen 80GB with documents categorised under three different sections titled “NATO CONFIDENTIAL,” “NATO RESTRICTED,” and “Unclassified Controlled Information,”.
Hackers have access to more information
According to reports, the hackers may have stolen mixed data from different classified packages, along with the one they stole from MBDA. However, there is no confirmation whether the stolen data has come from multiple hacked sources. The samples also included a file about the “communications intelligence” mission by a US air squadron, carried out at the end of 2020 in Estonia over the Baltics.
This data included the full names, call logs, phone numbers, and GPS coordinates of the users who were part of the operation, which puts more pressure on NATO. Since mission-centric information is highly classified and not made for public platforms and easy access, the data can be used to abuse the NATO systems and their partners.
A NATO representative stated that the possibility of the stolen data being declassified is less because most of the files and documents shared through BBC samples were for missions and objects created/listed between 2017 and 2020.
Additionally, the stolen data was known to have compromised MBDA’s proprietary information. The data might include the files and documents from the MBDA Missile Systems, created in December 2001, after the merger of missile systems companies in France, Italy, and the UK. The project has over 13,000 employees and includes a collaboration between tech and Aerospace companies such as Airbus, BAE Systems, and Leonardo.