NATO is investigating a data leak allegedly stolen from a European missile systems company that hackers have sold on the dark web, according to a published report.
The leaked data includes blueprints for weapons used by Ukraine in its current war with Russia.
MBDA Missile Systems, an integrated defense company based in France, acknowledged that the data from its systems was part of a cache of data sold by the attackers on a hacking forum after what appeared to be a ransomware attack.
Contradicting the cyber attackers' claims in their ads, MBDA said no information for sale was classified. It added that the data was obtained from a compromised external hard drive, not the company's internal network.
Meanwhile, NATO officials said Monday that NATO is "evaluating extortion" related to the data allegedly stolen from MBDA.
The official said, "We have no indication that any NATO networks have been compromised."
Double ransom
MBDA acknowledged in a post on its website in early August that it was "the subject of this attempted extortion by a criminal group that falsely claimed to have hacked into the company's information network."
The post claimed that the company refused to pay the ransom, so the data was leaked and sold on the dark web.
Specifically, the threatened individuals sold 80 gigabytes of stolen data on Russian and English-language forums for 15 bitcoins, or about $297,279, according to a BBC report, which broke the news of the NATO investigation Friday. In fact, the cybercriminals claim to have sold the data to at least one buyer.
NATO is investigating one of the company's suppliers as a possible source of the breach, the report said. mbda is a joint venture of three major shareholders: AirBus, BAE Systems and Leonardo. while the company operates in Europe, it has subsidiaries around the world, including MBDA Missile Systems in the United States.
The company is working with Italian authorities, where the breach occurred.
MBDA reported $3.5 billion in revenue last year, and its customers include NATO, the U.S. military and the U.K. Ministry of Defense.
Confidential Information and Ukraine
According to the BBC, the hacker's advertisement for the compromised data claimed to have "confidential information on employees of companies involved in the development of closed military projects" as well as "design documents, drawings, presentations, video and photographic material, contractual agreements and correspondence with other companies ".
Among the 50 megabytes of sample files viewed by the BBC was a presentation that appeared to provide blueprints for the Land Raider Common Air Defense Modular Missile (CAMM), including the precise location of its electronic storage units. One of these missiles was reportedly recently sent to Poland for use in the Ukraine conflict as part of the Skyward Sword system, which is currently in operation.
This may provide a clue as to the motivation of the threat actors; even before the official Russian invasion on February 24, Russian-aligned Advanced Sustainability Threat (APT) attacks began to hit Ukraine via the network.
After the conflict on the ground began, threat actors continued to strangle Ukraine with cyber warfare in support of Russian military operations.
The sample data viewed by the BBC also reportedly included files labeled "NATO Confidential," "NATO Restricted" and "Unclassified Controlled Information. At least one of the stolen folders contained detailed drawings of MBDA equipment.
The criminals also reportedly sent documents to the BBC via email, including two documents labeled "NATO Confidential. The hackers did not confirm whether the material came from a single source or from multiple hacked sources.
Nevertheless, MBDA maintains that the verification process it has performed to date "indicates that the data provided online is neither classified nor sensitive.