NATO investigates dark web leak of data stolen from missile supplier

NATO is investigating the leak of data allegedly stolen from a European missile systems company, which hackers put up for sale on the Dark Web, according to a published report.

The leaked data includes blueprints for weapons used by Ukraine in its current war with Russia.

Integrated defense company MBDA Missile Systems, headquartered in France, has admitted that data from its systems is part of the cache sold by threat actors on hacker forums after what appears to be a ransomware attack.

Contrary to the cyberattackers' claims in their advertisements, nothing up for grabs is classified information, MBDA said. It added that the data was acquired from a compromised external hard drive, not the company's internal networks.

NATO, meanwhile, is “assessing allegations relating to data allegedly stolen from MBDA,” a NATO official told Dark Reading on Monday.

“We have no indication that a NATO network has been compromised,” the official said.

Double extortion

MBDA admitted at the beginning of August, in a post on its website, that it had been "the subject of an attempted blackmail by a criminal group which falsely claims to have hacked into the company's information networks".

The company refused to pay the ransom and so the data was leaked to be sold online, according to the post.

Specifically, the threat actors are selling 80 GB of stolen data on Russian and English language forums with a price tag of 15 bitcoins, or approximately $297,279, according to a report from the BBC, which broke news of the NATO investigation on Friday. In fact, cybercriminals claim to have already sold data to at least one buyer.

NATO is investigating one of the company's suppliers as a possible source of the breach, according to the report. MBDA is a joint venture between three key shareholders: Airbus, BAE Systems and Leonardo. Although the company operates out of Europe, it has subsidiaries worldwide, including MBDA Missile Systems in the United States.

The company is working with authorities in Italy, where the breach occurred.

MBDA had sales of $3.5 billion last year and counts NATO, the US military and the UK Ministry of Defense among its customers.

Classifieds & Ukraine

The hackers claimed in their publicity for the leaked data that they had "classified information about employees of companies who participated in the development of closed military projects", as well as "design documentation, drawings, presentations, video and photo material, contractual arrangements and correspondence with other businesses," according to the BBC.

Among the sample files in a 50-megabyte stash seen by the BBC is a presentation appearing to provide blueprints for the Land Ceptor Common Anti-Air Modular Missile (CAMM), including the precise location of the electronic storage unit that it contains. One of these missiles was recently sent to Poland for use in the Ukraine conflict as part of the Sky Sabre system and is currently operational, according to the report.

This could provide a clue to the motive of the threat actors; Russian-aligned Advanced Persistent Threats (APTs) began hitting Ukraine with cyberattacks even before the official Russian invasion on February 24.

After the conflict began on the ground, threat actors continued to strangle Ukraine with cyber warfare to support Russian military efforts.

The sample data viewed by the BBC also included documents labeled “NATO CONFIDENTIAL”, “NATO RESTRICTED” and “Unclassified Controlled Information”, according to the report. At least one stolen file contains detailed drawings of MBDA equipment.

The criminals also emailed documents to the BBC including two marked "NATO SECRET", according to the report. The hackers did not confirm whether the material came from a single source or multiple hacked sources.

Nevertheless, MBDA insists that the verification processes the company has performed so far “indicate that the data made available online is neither classified nor sensitive data.”