Portugal’s Armed Forces General Staff agency has suffered a malicious attack that allegedly enabled threat actors to steal classified NATO documents. Reports said these stolen documents are now circulating in dark web marketplaces.
The affected entity realised they experienced a cyberattack after an attacker published samples of the stolen documents on underground marketplaces, selling the materials to interested buyers.
An American cyber-intelligence agent also noticed the offering of stolen NATO documents and notified the United States embassy in Lisbon that warned the government in Portugal regarding the breach.
The government immediately dispatched the National Security Office and Portugal’s national cybersecurity centre to aid the impacted agency and scan its network to see if the attack had lingering effects.
The threat report blew up after a local news organisation claimed that it had confirmed the validity of the stolen information after a trusted source disclosed its ongoing investigation. Moreover, the source told the news outlet that the exposed documents could cause a crisis within the country’s credibility in its military alliance.
The source also elaborated that the malicious attack has remained in the system for an extended period through bots modified to detect the types of stolen documents. Fortunately, it was removed by the security team using several actions.
Hackers were able to steal the NATO documents because of an air-gapped network.
The devices used by the Armed Forces General Staff agency of Portugal are air-gapped; however, the exfiltration process to move the NATO documents has broken its operational security at an unidentified point.
As of now, the Portuguese state has no official statement regarding the topic. However, the government opposition is pressuring the responsible authorities to reveal the cause.
Members of the parliament were also caught off guard by the recent news regarding the classified documents being exposed on the internet. They are also disappointed with the country’s intelligence services that failed to detect such a crucial attack.
Therefore, they asked the defence committee chairman to intercede so that trials about the incident would be scheduled promptly.
