"Data Breach of Missile Maker MBDA May Have Been Real: CloudSEK"

Back in July, the Adrastea threat actor group announced a data breach affecting MBDA, a European missile manufacturer with ties to NATO. At the time, the company promptly refuted the claims, saying that while some files were stolen, MBDA was not hacked, and its security systems remained intact. The missile maker also stated that the data made available online was “neither classified data nor sensitive.”

Security researchers at CloudSEK have now written a new advisory about the alleged hacking campaign against MBDA. The researchers were able to obtain and analyze the password-protected ZIP file containing the samples for the data breach. According to the researchers, the folder included files detailing the confidential personally identifiable information (PII) of MBDA’s employees, alongside multiple standard operating procedures (SOPs) underlying the requirements for NATO’s Counter Intelligence to avert threats related to Terrorism, Espionage, Sabotage, and Subversion (TESS).

The researchers noted that the SOPs identify NATO collection and plan functions, responsibilities, as well as procedures used in support of NATO operations and exercises. The SOPs also include all activities of the Intelligence Requirement Management and Collection Management (IRM & CM) process that results in the effective and efficient execution of the intelligence cycle. The obtained files also included internal sketches of cabling diagrams for missile systems, electrical schema diagrams, and documentation of activities tying MBDA to the Ministry of Defence of the European Union.

The researchers at CloudSEK noted that the reputation of Adrastea as a threat actor is currently low, as multiple concerns and complaints were recorded in the dark web forums where the hacker posted the alleged MBDA information. The researchers stated that this is the group’s first recorded activity, so it is difficult to say whether or not the information posted is legitimate.

 

Infosecurity reports: "Data Breach of Missile Maker MBDA May Have Been Real: CloudSEK"
