Recent Cyber Events and Possible
Implications for Armed Forces
#4 – July 2020
About this paper
This paper is the collaborative view of NATO CCDCOE researchers highlighting the potential effects
on the military of current events and of developments in cyberspace during the previous month,
based on publicly available information. It does not set out to be exhaustive. While the authors have
made every effort to describe events from a perspective relevant to NATO and partner nations, there
may be national and regional differences which this paper does not address.
The authors of this paper are independent researchers at the NATO CCDCOE; they do not represent
NATO, nor does this paper reflect NATO’s position. The aim of the paper is not to replace information
about vulnerabilities and incidents provided by CSIRTs and providers of CIS products and services.
1. Targeted threats against the
military and national security
Leaked government data could put
personnel at risk
‘It was reported on Friday (May 29) that a
government database of more than 20 million
Taiwanese citizens was leaked on the dark
web. […] It is unusual for an entire nation’s
database to be leaked, [the cyber threat
intelligence company] Cyble reported.’
(Taiwan News, 30 May 2020)
The leak of the Taiwanese home registry
database is an unusually large breach. The
leaked data is said to include names,
addresses, genders, dates of birth and other
private information of citizens. Data breaches
of various sizes have become a more
common tactic of hostile actors. Well-known
cases include the 2012 breach of outsourced
Swedish government databases, including
information about police employees and the
addresses of people with protected identities;
a similar case in Denmark;
Newsweek: Pirate Bay co-founder found guilty of
hacking crimes in 'historic' case
information are usually not so damaging, but
a complete database could be a much more
useful source for an adversary’s intelligence
service as information can be combined and
compared in different ways. Detailed
knowledge about individuals gained from such
leaks could, for example, aid in making
credible phishing campaigns or preparing
convincing documents containing malware.
The more personal information an adversary
has, the more likely those types of attacks are
to be successful.
Management and protection of population and
property registers are usually not under the
direct control of national security or military
authorities, which calls for interagency
cooperation and careful risk analysis in
determining and implementing the appropriate
security measures and controlling what
information can be held in the registers.
2. Other cyber activities relevant to
the military
Australia’s response to disinformation
campaigns
‘The Australian government recently
announced plans to establish the country’s
first taskforce devoted to fighting
disinformation campaigns, under the
