top of page
  • Writer's pictureORNA

Darkweb Sale of NATO Missile Secrets

In August of 2022, a cyber attack occurred against a European missile systems firm by an unidentified Russian hacker group, resulting in a data breach of blueprints concerning weapons being used by allies of NATO in the Ukraine war.

The threat actors didn’t just steal the data, they posted a sale of the classified military documents on the Dark Web, amounting to an 80 GB data dump, according to a report. The stolen data was priced at 15 Bitcoins, which at the time was equal to approximately $300,927.00. Furthermore, the hackers claimed to have sold the data to an unknown buyer.

The attackers also claimed to have “classified information about employees of companies that took part in the development of closed military projects”, including “design documentation, drawings, presentations, video and photo materials, contract agreements and correspondence with other companies.”

The illicit sale was complete with a free 50MB data sample, which was viewed by the BBC. The dump included documents that were labelled “NATO CONFIDENTIAL”, “NATO RESTRICTED” and “Unclassified Controlled Information.”

Besides the sample, the threat actors offered other documents by email, which included two files marked “NATO SECRET”, according to the BBC.

MBDA Missile Systems, a pan-European company situated in France, acknowledged that its data was among the files comprising the data breach, but asserted that none of the documents marked as “classified” belonged to the firm.

MBDA added that the company was hacked due to an unsecured Italian external hard drive, and remarked that it was complying with Italian authorities, where the data breach occurred.

Notably, MBDA acknowledged that investigations are focused on MBDA’s suppliers.

"We are assessing claims relating to data allegedly stolen from MBDA.” said a NATO spokesperson. “We have no indication that any NATO network has been compromised."

The threat actors did not ascertain whether the material they collected had originated from multiple sources or were the results found from a single target. The files viewed by the BBC have not yet been verified. Nevertheless, the documents reveal a “communications intelligence” mission by a US air squadron that was launched in 2020 over the Baltics.

What’s more, it also reveals call logs, full names, phone numbers, and GPS coordinates of the individuals that were supposedly on-site at the center of the operation. According to a former NATO official, NATO is prone to “over-classification” but these security designations applied to documents matter.

“They are applied by the originator of the information and NATO SECRET is not applied lightly,” the former NATO official said.

They also added this kind of information is the kind of secrets NATO does not want out in the public, stating that having these sensitive materials declassified were slim judging by the dates these files were created, ranging from 2017 and 2020, which are fairly recent.

Included among the sample files was a presentation that showed the internal mechanisms of the Land Ceptor CAMM (Common Anti-Air Modular Missile), along with the exact location of the electronic storage unit contained within it.

Interestingly, one of these Land CAMMs was delivered to Poland to deploy in combat for conflict in Ukraine, as a component of the Sky Sabre system.

MBDA Missile Systems has not argued that its systems have been penetrated by hackers, but said, "The company's internal verification processes indicate that the data made available online are neither classified data nor sensitive." Regardless, some of the MBDA files in the data dump are labelled "proprietary information not to be disclosed or reproduced".

Lonely Tinkers to Cyber Superpowers?

As someone who grew up during an era when the art of hacking was still in its novel stages, the extent of what one could use a computer for was still being explored to sate one's curiosity.

My own journey began as a lonely tinker, just trying to figure out how everything worked and experimenting with new things to see how the computer responded when something new or different was introduced.

Nowadays, it takes time for me to adjust to the complexity of hacking in the general sense, seeing how vast the landscape has changed, along with the different philosophies of all the individual hacking groups, their goals, and the fundamental core of their political beliefs.

Anyone with the technical prowess to intrude into computer systems can hijack critical network infrastructure, download secret information, and potentially put the lives of those involved in clandestine operations at risk.

Such an intrusion doesn’t even have to happen by someone with any political knowledge or a sense of justice. While military weapons data deployed in the field by one country can also be stolen and placed on a silver platter for access by hostile aggressors - or the highest bidder.

Either way, someone with the money to purchase confidential or secret data certainly doesn’t want access to the information for mere amusement, but to level the playing field.

This adage is true, information is power. I am certain the world has yet to see the worst of what cybercriminals and government-backed hacking units can do. However, a viable defence against attacks of this nature will always be maintaining acute security awareness, as well as an actionable incident response plan with the same readiness as the threat actors who live and breathe anti-security.

An article by

Jesse McGraw

Edited by

Anne Caminer




Rome wasn't built in a day, but your SOC might be.


Weekly cyber insights

Thanks for submitting!

bottom of page