Confidential data from TIDE NATO (Think-Tank for Information Decision and Execution Superiority) has been released by a threat actor with the username “natohub” in a dark web crime forum.
The leaked data contains 643 CSV files, which include various types of information such as user data, user groups, physical and virtual servers, and event information.
According to reports, the breach took place in July 2024 and was revealed by the threat actor on an underground forum.
The TIDE Sprint is a highly anticipated event organized by NATO, where experts come together to address and find solutions for upcoming command and control interoperability challenges.
The data breach includes 271 MB of sensitive information, mainly user data of high-ranking individuals like colonels and other senior officials.
The breach is concerning because it involves personal information of individuals, such as their full names, UUIDs, countries, organizations, addresses, telephone numbers, email addresses, and social media links.
Not only does the breach involve personal data, but it also includes in-depth information about the organization's virtual servers.
The leaked data provides detailed information on UUIDs, resource statuses, locations, and specific hardware specifications, including cores, memory, and storage.
Certain data points indicate specific uses, like Windows virtual machines for German JFAC response cell operators and an airfield server tent, which emphasize the operational importance of the compromised information.
The data is easily accessible for cybercriminals as the threat actor responsible for this breach has made it free to download.
Unlike typical breaches where the data is sold to the highest bidder, the threat actor behind this breach has made the information accessible to anyone.
After cross-referencing the leaked information with social media profiles of the affected individuals, we have determined the legitimacy of the breach to be somewhat legitimate in a sense.
The breach not only puts personal data at risk, but also exposes operational details that could be used to disrupt NATO's activities.
The disclosure of virtual server information, such as hardware specifications and intended purposes, could have significant consequences for NATO's command and control infrastructure.