Author: Eva Georgieva / Last Updated: 9/20/2022
Reviewed By: Dalibor Gašić and Michael Swanagan, CISSP, CISA, CISM
On September 8, the Portuguese local news organization Diario de Noticias reported that the Portuguese Government’s Department of Defense was allegedly the subject of a cyber security data breach involving the exfiltration of confidential NATO documents.
The General Staff of the Armed Forces (EMGFA) was the department that was attacked, and hundreds of documents were found for sale on the dark web.
The department that was attacked only found out about the incident after US intelligence informed them of it.
Portugal’s Prime Minister António Costa was informed about the breach through the US embassy in Lisbon.
According to the report, a team of security experts from the National Security Office and a team from Portugal’s national cyber security center investigated the attack and the network. They established that unsecured channels were used for sending and receiving classified documents.
Later on, they also concluded that the attack was constructed to be undetectable and that it was launched through a bot network primarily designed to obtain sensitive data.
Because the General Staff of the Armed Forces (EMGFA) is a government department that deals with highly confidential information, we would assume that its computers are air-gapped, which reportedly was the case. However, the exfiltration used standard non-secure lines.
From that, the initial conclusion of the investigation was that the top military body had broken its operational security rules at a certain point, which led to the secret information being exposed, leaked, and then sold on the dark web.
The investigation also reported that the exfiltration of documents sent from NATO to Portugal took place on EMGFA computers, mainly those used by CISMIL, the Department for Military Secrets, and the General Directorate of Resources of National Defense.
The National Office of Security (GNS), External Secrets, and the Secret Services are involved in investigating the hack. NATO allegedly demanded an explanation from the Portuguese government, even though they didn’t want to make any official statements on the matter.
The Portuguese Prime Minister’s office spokesperson, on the other hand, gave a statement saying that the government is dedicated to maintaining and protecting its armed forces and the Defense Ministry’s credibility as a founding member of NATO.
Furthermore, the spokesperson noted that they will continue to work daily, as they have so far, so that their credibility remains intact.
Eva is a security engineer, researcher, and penetration tester with over 5 years of experience working on both red teams and blue teams.