NATO uses the SOA & IdM platform, which it classified as secret, to handle several essential functions within the Polaris program.
Part of NATO’s IT modernization program, Polaris employs the SOA & IdM platform and was created to provide centralized security, integration, and hosting information management. As it handles several critical functions, the platform was classified as secret by the military alliance.
The hackers claim that they managed to make copies of the data on this platform using a backdoor and that they tried to blackmail Everis. They went further and made jokes about sending the stolen data to the Russian intelligence services.
Hackers wanted to slow down Polaris development
Paul Howland, Polaris Program Officer, explained the benefits of the program: “This project has the potential to be a game-changer in how NATO will develop and deploy its operational services in the future. It will drive innovation and reduce costs. Operational by ensuring a much greater reuse of deployed capacities”.
The hackers behind the attack said they were initially unaware that they could exploit a vulnerability on the NATO platform. Moreover, they focused only on Everis’ corporate data in Latin America, as NATO said it was prepared to take action in the event of a cyber threat. To their surprise, one of the secure NATO platforms was among the subsidiaries of Everis.
The hackers began to steal more data from Everis networks after they analyzed the company and found documents related to drones and military defense systems. They justified slowing down the development of the Polaris program by saying that they were not “for peace on earth and in the cyber world”.
The hackers demanded a ransom of XMR 14,500 from Everis in exchange for not associating its identity with the LATAM Airlines data hack. They also asked for this ransom in exchange for not disclosing any data from NATO.