Sensitive NATO Data Stolen in Cyberattack on Portugal’s Armed Forces

According to local media, this is an “extremely serious” leak because EMGFA, Portugal’s armed forces’ central unit, stores secret NATO information.

Portugal’s leading news outlet Diário de Notícias reported that the country’s central military unit EMGFA was targeted in a cyberattack. The attack resulted in the exfiltration of hundreds of confidential NATO documents sent to Portugal. Reportedly it was a prolonged and unprecedented cyberattack. The stolen files are currently up for sale on the Dark Web.

Portugal was also a victim of a security breach in 2018 involving leaking sensitive NATO and EU documents. Portuguese intelligence officer Frederico Carvalho Gil was found guilty of spying for Russia and was convicted for selling classified documents to a Russian agent.

Attack Details

According to the newspaper, this is an “extremely serious” leak because EMGFA, Portugal’s armed forces’ central unit, stores secret NATO information. Portugal’s Prime Minister António Costa was alerted about the attack by American intelligence agencies after they discovered sensitive NATO documents sold on Dark Web in August. US authorities contacted the PM through the US embassy in Lisbon.

Initial investigation revealed that security roles for storing classified data were broken because unsecured connections were used for forwarding and receiving documents. It was later identified that the attack was undetectable and launched through a bot network primarily designed to obtain sensitive data. The national office of security (GNS), External Secrets, and the secret service are investigating the hack.

Government’s Response

The Prime Minister’s office spokesperson commented that the government is dedicated to maintaining and protecting its armed forces and the Defense Ministry’s credibility as a founding member of NATO. The spokesperson further noted that the credibility was still “intact.”

“Whenever there is a suspicion of a compromised cybersecurity network … the situation is extensively analyzed, and all the procedures are implemented.”

Prime Minister’s office spokesperson

Reportedly, NATO has demanded an explanation from the Portuguese government regarding the data leak, and two government officials will visit NATO headquarters in Brussels. A high-level meeting is planned for next week. The news outlet contacted the US embassy in Lisbon and other government institutions to find more details on the attack, but nothing was shared.

The PM’s office is investigating the case. There is no confirmation from the Prime Minister’s office that a breach had occurred. So far, it seems that the hack happened on EMGFA computers, mainly those used by the general directorate of national defense resources and CISMIL (the military secrets department).

It is a developing story. Keep visiting to find out more details.

Europe, NATO, and Data Breach

As the world’s largest military alliance, NATO has access to a wealth of data that would be of interest to hackers. This data includes information on military operations, troop movements, sensitive diplomatic negotiations, and much more.

The importance of NATO data to hackers can be quantified by the fact that NATO is one of the prime targets of government-backed hackers. In August 2022, NATO was already investigating another large-scale data breach involving the world’s 2nd largest manufacturer of missiles MBDA. As reported by, hackers are selling 70 GB worth of MBDA’s alleged data for 1 BTC on a Russian forum.

  1. Smartphones of NATO Soldiers Compromised By Russian Hackers
  2. European Spyware Vendor Offering Android and iOS Device Exploits
  3. Authentication bypass vulnerability found in NATO, EU-approved firewall
  4. Dark web data center in former NATO bunker seized for hosting child porn
  5. Fake WHO Safety Emails on COVID-19 Dropping Nerbian RAT Across Europe

Related Posts