The SOA & IdM platform, developed as part of the Polaris program, is classified as “secret” because it handles several critical functions.
In May 2021, a group of hackers broke into the IT infrastructure of a Spanish company called Everis. This is how the hackers were able to compromise a NATO cloud computing platform. The cybercriminals claim to have made copies of the data on this platform through a backdoor. They also allegedly tried to extort Everis and sent the stolen data to Russian intelligence services.
NATO platform classified as “secret”
This NATO platform is known as SOA & IdM (Provision of Service Oriented Architecture & Identity Management Platform). As we can read in the document that formalized the launch of this platform in 2017: “NATO wants to transform its infrastructure and its applications in information and communications technologies. NATO switches from an independent and siloed approach to a more granular set of loosely coupled services that can provide agile and cost-effective support to operations.”
NATO’s information technology modernization effort is also known as the Polaris program. The SOA & IdM platform provides: “a central service responsible for security, integration, registry and repository, service management, information discovery and hosting”. The platform is classified as “secret” because it handles several critical functions.
Paul Howland, NATO Polaris Program Officer: “This project has the potential to be a game-changer in how NATO will develop and deploy its operational services in the future. It will drive innovation and reduce operational costs by ensuring a much greater reuse of deployed capacities”.
Hackers “for world peace”
While NATO says it is ready to retaliate in the event of a cyber threat, the hackers behind the cyberattack explained that, initially, only data from Everis’ Latin American subsidiaries interested them. At first, they were not even aware of the possibility of finding a loophole on the NATO platform.
It wasn’t until they did further research on Everis, and glimpsed documents referring to drones and defense systems, that the hackers dug into it. The hackers say they are acting “for the sake of peace both on planet Earth and in cyberspace”. This is the reason they wanted to slow down the development of the Polaris program.
Besides stealing data from NATO’s SOA & IdM platform, the hackers also attempted to extort Everis, offering not to associate the Spanish company’s name with the LATAM Airlines data leak and not to disclose NATO data in exchange for 14,500 XMR (an open source cryptocurrency whose value is currently estimated at 228 euros for 1 XMR). The ransom has not been paid.