Portugal Investigates Stolen NATO Files on the Dark Web

Photo of NATO HQ

Portugal’s Attorney General’s Office revealed on Tuesday that it is investigating a cyberattack that allowed unidentified hackers to access sensitive NATO documents, which they have subsequently offered for sale on the dark web.

Portugal’s Diário de Notícias newspaper revealed last week that the hackers stole hundreds of classified documents from the country’s General Staff of the Armed Forces (EMGFA). Portuguese authorities reportedly only found out about the data breach after U.S. intelligence services alerted them in August.

The Attorney General’s Office said the Public Prosecutor’s Office would collaborate with the Central Department of Investigation and Prosecution (DCIAP) to investigate the breach, Portugal’s Lusa News Agency reported. Meanwhile, Portugal’s defense ministry has said it is also investigating the incident alongside the Armed Forces and the National Security Office.

‘Prolonged and Unprecedented’ Cyberattack

The daring cyberattack raises serious questions about the cybersecurity systems of Portugal’s Ministry of Defense.

Preliminary investigations by the National Cybersecurity Center (CNCS) show that the stolen documents came from the EMGFA, the military secretariat (CISMIL), and the General Directorate of National Defense Resources.

Authorities are not forthcoming with information about how the breach occurred. However, an unnamed source told Diário de Notícias that the hackers used automated bots to harvest the data.

The CNCS’ investigation revealed that officials in the targeted agencies might have exchanged documents using non-secure platforms, violating the rules for transmitting confidential information. This would have made it easier for cybercriminals to exploit vulnerabilities in their systems and access classified files.

Far-Reaching Consequences

While the contents of the leaked files are unknown, the government’s response indicates that they may be highly sensitive information. Portuguese officials are expected to visit the NATO headquarters in Brussels this week for a meeting.

The sale of stolen NATO documents on the dark web may have far-reaching consequences for regional security. Hackers often sell stolen information on dark web marketplaces. Some of this information — like login credentials — are purchased by criminals and used for nefarious schemes, like phishing and identity theft.

Often, organizations are unaware their systems have been compromised or that criminals are selling their confidential data on the dark web. If you suspect your organization has been the victim of a cyberattack, and you want to mitigate the fallout of the breach, we recommend looking into dark web monitoring.

If you’re curious about the dark web and want to learn about it, our introductory piece to the dark web contains everything you need to know.

Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.