{
	"id": "d926f858-0941-47b6-afee-b337c2e33098",
	"created_at": "2026-04-06T00:13:18.025824Z",
	"updated_at": "2026-04-10T13:11:49.78867Z",
	"deleted_at": null,
	"sha1_hash": "bc7e85fef6f11ebb59a581623766d80c202a9126",
	"title": "NATO 'actively addressing' alleged cyberattack affecting some websites",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 72587,
	"plain_text": "NATO 'actively addressing' alleged cyberattack affecting some\r\nwebsites\r\nBy Jonathan Greig\r\nPublished: 2023-10-03 · Archived: 2026-04-02 10:57:03 UTC\r\nThe North Atlantic Treaty Organization (NATO) said it is investigating claims that data was stolen from\r\nunclassified websites under the military alliance’s control.\r\nA hacking group named SiegedSec — which has been at the center of several recent hacks involving U.S.\r\nmunicipalities over the last year — claimed to have stolen 9 GB of data.\r\nA spokesperson for NATO told Recorded Future News that it is now investigating the claims but said that the\r\nalliance has not faced any operational issues.\r\n“NATO is facing persistent cyber threats and takes cyber security seriously. NATO cyber experts are actively\r\naddressing incidents affecting some unclassified NATO websites,” the spokesperson said.\r\nIn posts on Telegram, SiegedSec boasted of accessing several training portals and informational platforms run by\r\nNATO. The data was allegedly stolen from:\r\nJoint Advanced Distributed Learning\r\nNATO Lessons Learned Portal\r\nLogistics Network Portal\r\nCommunities of of Interest Cooperation Portal\r\nNATO Investment Division Portal\r\nNATO Standardization Office\r\nThe group shared a link to the data that was taken, and most of the more than 3,000 documents were taken from\r\nthe NATO Standardization Office.\r\nNATO did not respond to further questions about when the intrusion may have occurred or whether other\r\ninformation was accessed.\r\n“Additional cyber security measures have been put in place,” the spokesperson said. “There has been no impact on\r\nNATO missions, operations and military deployments.”\r\nThis is NATO’s second incident involving SiegedSec hackers after an attack in July. The group said it stole\r\ninformation from the organization’s Communities of Interest Cooperation Portal. That batch of data included\r\npersonal information of people from at least 31 countries, according to news reports at the time.\r\nNATO told Recorded Future News after that incident that the alliance’s cyber experts were looking into the\r\nincident. No update was ever published about whether the leaks were legitimate.\r\nhttps://therecord.media/nato-siegedsec-unclassified-websites-alleged-cyberattack\r\nPage 1 of 3\n\nSiegedSec attacked several state-run websites this summer, targeting platforms in Nebraska, South Dakota, Texas,\r\nPennsylvania and South Carolina.\r\nA week later, the group claimed to have attacked government systems run by the city of Fort Worth, Texas, but\r\nofficials later determined that much of that information was already publicly available.\r\nSiegedSec claimed it hacked the governments of Arkansas and Kentucky last year after the state banned abortion\r\nfollowing the Supreme Court decision to overturn Roe v. Wade. But state officials also confirmed that the group\r\nsimply downloaded publicly available record data.\r\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nhttps://therecord.media/nato-siegedsec-unclassified-websites-alleged-cyberattack\r\nPage 2 of 3\n\nSource: https://therecord.media/nato-siegedsec-unclassified-websites-alleged-cyberattack\r\nhttps://therecord.media/nato-siegedsec-unclassified-websites-alleged-cyberattack\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/nato-siegedsec-unclassified-websites-alleged-cyberattack"
	],
	"report_names": [
		"nato-siegedsec-unclassified-websites-alleged-cyberattack"
	],
	"threat_actors": [
		{
			"id": "c29ed071-678d-4023-a954-7138fb534056",
			"created_at": "2023-11-05T02:00:08.079228Z",
			"updated_at": "2026-04-10T02:00:03.39948Z",
			"deleted_at": null,
			"main_name": "SiegedSec",
			"aliases": [],
			"source_name": "MISPGALAXY:SiegedSec",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434398,
	"ts_updated_at": 1775826709,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bc7e85fef6f11ebb59a581623766d80c202a9126.pdf",
		"text": "https://archive.orkl.eu/bc7e85fef6f11ebb59a581623766d80c202a9126.txt",
		"img": "https://archive.orkl.eu/bc7e85fef6f11ebb59a581623766d80c202a9126.jpg"
	}
}