
 

Sensitive NATO Data Leaked After Cyber Attack On Portugal’s Armed Forces

 


Author: Eva Georgieva / Last Updated: 9/20/2022

Reviewed By: Dalibor Gašić & Michael Swanagan, CISSP, CISA, CISM


Summary Of The Attack

 

  • On September 8th, Diario de Noticias, a local Portuguese news organization, reported that the Portuguese Government's Department of Defense had been the subject of a cybersecurity data breach in which sensitive NATO documents were leaked, then published and sold on the dark web.
  • An investigation established that unsecured channels were used to transmit data.
  • The attack in which the data was exfiltrated was constructed to be undetectable, and it was launched through a bot network designed primarily to obtain sensitive data.
  • The department that suffered the breach is suspected of having broken protocol, which led to the incident.


 

 

What Happened?

 

On September 8, the local Portuguese news organization Diario de Noticias reported that the Portuguese Government’s Department of Defense had allegedly been the subject of a cyber security data breach involving the exfiltration of confidential NATO documents.

The Anatomy Of The Attack

 

The General Staff of the Armed Forces (EMGFA) was the department that was attacked, and hundreds of documents were found for sale on the dark web.

 

The department that was attacked only found out about the incident after US intelligence informed them of it.

 

Portugal’s Prime Minister António Costa was informed about the breach through the US embassy in Lisbon.

 

According to the report, a team of security experts from the National Security Office and a team from Portugal’s national cyber security center investigated the attack and the network, and established that unsecured channels were used for sending and receiving classified documents.

 

Later on, they also concluded that the attack was constructed to be undetectable and that it was launched through a bot network designed primarily to obtain sensitive data.


Human Error Or Breaking Protocol?

 

The General Staff of the Armed Forces (EMGFA) is a government department that deals with highly confidential information, so we should be talking about highly secure systems, and we would assume that its computers are air-gapped. Reportedly that was the case; however, the exfiltration used standard non-secure lines.

 

From that, the initial conclusion of the investigation was that the top military body had broken its operational security rules at a certain point, which led to the secret information being exposed, leaked and then sold on the dark web.

 

The investigation also reported that the exfiltration of documents sent from NATO to Portugal took place on EMGFA computers, mainly those used by CISMIL, The Department for Military Secrets, and The General Directorate of Resources of National Defense.


Next Steps

 

The National Office of Security (GNS), External Secrets, and The Secret Services are involved in investigating the hack. NATO allegedly did demand an explanation from the Portuguese government, even though they didn’t want to make any official statements on the matter.

 

On the other hand, the Portuguese Prime Minister’s office spokesperson gave a statement explaining that the government is dedicated to maintaining and protecting its armed forces and the Defense Ministry’s credibility as a founding member of NATO.

 

Furthermore, the spokesperson noted that they will continue to work daily, as they have so far, so that their credibility remains intact.

 


Eva Georgieva

Eva is a security engineer, researcher, and penetration tester with over 5 years of experience working on both red teams and blue teams.
