IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Portugal government cyber attack allegedly leaks "hundreds" of classified NATO documents

Reports in Portugal have suggested the classified files were lifted by specially designed bots and have now been found for sale online

The Portuguese government’s department of defence (DoD) has reportedly been the subject of a ‘significant’ data breach involving the theft of NATO documents.

According to local media, “hundreds” of documents sent to Portugal’s officials by NATO have been found for sale on the deep web and the General Staff of the Armed Forces (EMGFA), the department that was attacked, only found out after US intelligence informed them of their discovery.

The US made direct contact to Portugal’s prime minister António Costa in August, informing him of the NATO documents it found for sale online, according to Diário de Notícias (DN) which first reported the story.

IT Pro has contacted the EMGFAfor confirmation of the reports and further details, but neither organisation responded.

"We do not discuss alleged leaks of classified information," said a NATO official to IT Pro. "Portugal is a valued NATO ally, which makes important contributions to our shared security."

Sources speaking to DN said the EMGFA has conducted a comprehensive audit of its IT systems and identified the computers from which the NATO documents were stolen.

The department concluded that rules surrounding the secure transmission of classified documents had been broken.

Related Resource

Cyber resiliency and end-user performance

Reduce risk and deliver greater business success with cyber-resilience capabilities

Whitepaper cover with title and text, and image of pyramid cyber-resilience modelFree Download

Unsecured channels were used to receive and forward the documents when the Integrated System of Military Communications (SICOM) should have been used, the report stated.

“The exchange of information between allies in terms of information security is permanent at the bilateral and multilateral levels,” said a spokesperson for prime minister Costa. 

“Whenever there is a suspicion of compromise of cyber security of information system networks, the situation is extensively analysed and all procedures aimed at enhancing cyber security awareness and the correct handling of information to deal with new types of threat are implemented. 

“Disciplinary and/or criminal law automatically determines the adoption of appropriate procedures."

Other DN sources said the cyber attack itself was “prolonged in time and undetectable”. The sources also said the attackers use specially crafted bots to search for the specific type of documents that were ultimately exfiltrated.

IT Pro has requested additional detail about the attack from official sources and will update if they surface. 

The US declined to confirm the reports to DN, saying it does not comment on intelligence matters.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation
cyber crime

Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation

25 Nov 2022