NATO uses the Service-Oriented Architecture and Identity Access Management (SOA & IdM) platform to manage the Polaris program. The platform is classified as secret, as it handles multiple critical functions within the program.
Hackers claimed that they were able to hack Everis, a NATO contractor, and then breach the SOA & IdM platform to extract sensitive data from it.
In 2020, Everis was awarded a contract valued at 10.4 million EUR by the NATO Communications and Information (NCI) Agency to develop a platform for business applications management.
“The Platform developed through this contract will ensure that business applications and services across the NATO ecosystem can efficiently and effectively respond to NATO’s operational needs,” said Pierre Pradier, Chief of Core Enterprise Services at the NCI Agency.
The Polaris platform is part of NATO’s information management system and is classified as secret by the military alliance. It is used to provide a centralized view of all the alliance’s security, integration, and hosting information management.
To steal the data, cybercriminals planted a backdoor. After the hackers extracted sensitive data from the platform, they tried to blackmail Everis. They then made jokes about sending the secret data to the Russian intelligence services.
Paul Howland, the Program Officer of Polaris, said that the project has the potential to transform how NATO operates in the future.
“This project has the potential to be a game-changer in how NATO will develop and deploy its operational services in the future. It will drive innovation and reduce costs. Operational by ensuring a much greater reuse of deployed capacities.”
The hackers who attacked the NATO platform said they were initially unaware of the vulnerability that they later exploited. At first, they were after Everis’ corporate data in Latin America. Then they found out that the NATO platform was among the subsidiaries of Everis. As a result, the hackers managed to steal data related to drones and military systems.
The hackers justified their actions by saying that the Polaris program was not “for peace on Earth and in the cyber world.”
The hackers demanded that Everis pay a ransom of XMR 14,500 in exchange for not associating the company with the LATAM Airlines data breach and not disclosing any data from the NATO breach.