Classified NATO documents sold on darkweb after they were stolen from Portugal

Threat actors claimed to have stolen classified NATO documents from the Armed Forces General Staff agency of Portugal (EMGFA).

After discovering that Classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA) were offered for sale on the darkweb, the Portuguese agency discovered it has suffered a cyberattack.

The Armed Forces General Staff (Portuguese: Estado-Maior-General das Forças Armadas), or EMGFA, is the supreme military body of Portugal. It is responsible for the planning, command and control of the Portuguese Armed Forces.

“The General Staff of the Armed Forces (EMGFA), commanded by the Chief of Staff, Admiral Silva Ribeiro, was the target of a “prolonged and unprecedented cyberattack” that resulted in the exfiltration of classified NATO documents.” reported the news outlet Diario de Noticias,

Sources of the news agency considered this security breach of extreme gravity, hundreds of Secret and Confidential documents sent by NATO to Portugal are for sale on the darkweb.

“It was a cyberattack prolonged in time and undetectable , through bots programmed to detect this type of documents, which were later removed in several stages”, explained one of these sources.

The threat actors published samples of the stolen documents as proof of the hack.

The documents were spotted by the US Information Services which immediately alerted the U.S. embassy in Lisbon, which warned the Portuguese authorities.

“NATO will have demanded explanations and guarantees from the Portuguese government and, next week, on behalf of António Costa, they should travel to NATO headquarters, in Brussels, for a high-level meeting at the NATO Office of Security, the secretary of State for Digitization and Administrative Modernization , Mário Campolargo, who oversees the GNS, and the Director-General of this Office, Vice Admiral Gameiro Marques , who is responsible for the security of classified information sent to our country.” continues the website

The National Security Office (GNS) and Portugal’s national cybersecurity center launched an investigation into the incident to determine the extent of the data breach.

According to the initial investigation, the documents were exfiltrated from systems in the EMGFA, in the secret military (CISMIL) and in the General Directorate of National Defense Resources.

The investigators discovered that security rules for the transmission of classified documents had been broken, and threat actors were able to access the Integrated System of Military Communications (SICOM) and receive and forward classified documents.

“the exchange of information between allies in terms of Information Security is permanent at the bilateral and multilateral levels. Whenever there is a suspicion of compromise of cybersecurity of Information System networks, the situation is extensively analyzed and all procedures aimed at enhancing cybersecurity awareness and the correct handling of information to deal with new types of threat are implemented. disciplinary and/or criminal law automatically determines the adoption of appropriate procedures.” said the spokeswoman for Prime Minister of Portugal António Costa underlines that

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, NATO)

[adrotate banner=”5″]

[adrotate banner=”13″]