The Armed Forces General Staff agency of Portugal (EMGFA), the government agency responsible for the control, planning, and operations of the armed forces of the country, has suffered a “prolonged and extensive cyberattack” resulting in the theft of classified NATO documents, which are now being sold on the dark web.
Local news organisation Diario de Noticias reported that the Portuguese government only found out about the sale when US cyber-intelligence agents noticed the sale on the dark web and informed the American embassy in Lisbon. which in turn informed the Portuguese government of the breach. DN also confirmed the news from unnamed sources close to the investigation.
The investigation first identified computers where the leak might have originated, mainly from the General Directorate of National Defense Resources but also from the EMGFA and the secret military (CISMIL). The agency’s network was entirely screened immediately after news reached the government by experts from the National Security Office (GNS) and Portugal’s national cybersecurity centre.

The government is yet to give an official statement on the breach. However, DN’s revelations, besides the fact that EMGFA’s computers are air-gapped, meaning the organisation broke operational security rules at some point, are increasing the pressure for a detailed report.
There’s no word on what type of cyberattack the agency suffered and the attack vectors used. One of DN’s sources claims that the attack was carried out with bots programmed to find specific kinds of documents, which were later removed from the agency’s networks in several stages.
DN’s sources also claim that the lost documents are of “extreme gravity” meaning the leak could hurt Portugal’s credibility in NATO. Prime Minister António Costa ensures the country’s credibility, but the investigation is starting to raise doubts about the EMGFA.
In the News: Google tests fantasy sports and rummy apps in India