Portugal

The Armed Forces General Staff agency of Portugal (EMGFA) has suffered a cyberattack that allegedly allowed the theft of classified NATO documents, which are now being sold on the dark web.

EMGFA is the government agency responsible for the control, planning, and operations of the armed forces of Portugal.

The agency only realized it had suffered a cyberattack after hackers posted samples of the stolen material on the dark web, offering to sell the files to interested individuals.

American cyber-intelligence agents noticed the sale of stolen documents and alerted the U.S. embassy in Lisbon, which in turn warned the Portuguese government about the data breach.

Immediately, a team of experts from the National Security Office (GNS) and Portugal’s national cybersecurity center was dispatched to EMGFA to carry out a complete screening of the body’s entire network.

The story was brought to light by local news organization Diario de Noticias, which claims it has confirmed the validity of the information via unnamed sources close to the ongoing investigations.

These sources told the news outlet that the leaked documents are of “extreme gravity,” so their dissemination might cause a crisis of credibility for the country in the military alliance.

“It was a cyberattack prolonged in time and undetectable, through bots programmed to detect this type of documents, which were later removed in several stages,” stated one of DN’s sources.

The computers used by EMGFA are air-gapped, but the exfiltration used standard non-secure lines. Hence, the first conclusion of the investigation is that the top military body has broken its operational security rules at some point.

As of today, no official statement has been issued by the Portuguese state on the topic, but the pressure for a briefing by the political opposition is rising following DN’s revelations.

Many members of the parliament expressed their surprise today with the news about classified military documents being sold on the internet and the country’s intelligence services failing to detect such a highly critical breach.

Hence, they requested that the chairman of the parliamentary defense committee, Marcos Perestrello, intercede so that hearings regarding the incident are scheduled as soon as possible.

BleepingComputer has reached out to Portugal’s PM office, the Ministry of Defense, and EMGFA, and we will update this post as soon as we receive a response.
