Skip links

‘Gay furry hackers’ brag of second NATO break-in, steal and leak more data

NATO is “actively addressing” multiple IT security incidents after a hacktivist group claimed it once again breached some of the military alliance’s websites, this time stealing what’s claimed to be more than 3,000 files and 9GB of data.

When asked about this alleged intrusion, a NATO official declined to answer specific questions and told The Register:

On Sunday, the SiegedSec crew claimed it broke into six NATO web portals: the alliance’s Joint Advanced Distributed Learning e-learning website; the NATO Lessons Learned Portal, from which the gang said it stole 331 documents; the Logistics Network Portal (588 documents and other files); the Communities of Interest Cooperation Portal; the NATO Investment Division Portal (207 documents); and the NATO Standardization Office (2,116 documents).

The hacktivists, which describe themselves as made up of “gay furry hackers,” usually target government orgs whose policies they disagrees with, and have a flare for political publicity stunts, also posted a link to the purported stolen files on their Telegram channel.

“The astonishing siegedsec hackers have struck NATO once more!!1!!!,” the crew wrote, bragging: “NATO: 0. Siegedsec: 2.”

The team is referring to its earlier NATO intrusion in July, during which it claimed it swiped information belonging to 31 nations and leaked 845MB of data from the alliance’s the Communities of Interest (COI) Cooperation Portal.

This site is used by NATO organizations and member states, though it doesn’t contain classified information. And yes, it’s one of the portals that SiegedSec says it breached again at the end of September.

Threat intel biz CloudSEK has analyzed the leaked data dumped in the earlier breach and said it contained at least 20 unclassified documents and 8,000 personnel records with names, companies and units, working groups, job titles, business email addresses, home addresses, and photos.

In other words: almost everything a spy, would-be identity thief, doxxer, social-engineering campaign coordinator, or plain old troll would like for potential fraud, phishing, espionage, or more general havoc. 

We would be remiss not to point out that October is cybersecurity awareness month, and it appears that even after 20 years of this annual event, there’s still much awareness to be gained. ®