NATO documents sold on darkweb after being stolen in PortugalSecurity Cases
The threat actors claimed to have stolen classified NATO documents from the Portuguese Armed Forces Staff Agency (EMGFA).
After discovering that classified NATO documents belonging to the Portuguese Armed Forces Staff Agency (EMGFA) were offered for sale on the dark web, the Portuguese agency discovered that it had suffered a cyberattack.
The General Staff of the Armed Forces (Portuguese: Estado-Maior-General das Forças Armadas), or EMGFA, is the supreme military body of Portugal. It is responsible for the planning, command and control of the Portuguese Armed Forces.
“The General Staff of the Armed Forces (EMGFA), commanded by the Chief of Staff, Admiral Silva Ribeiro, was the target of a “prolonged and unprecedented cyberattack” which resulted in the exfiltration of classified NATO documents.” reported the Diario de Noticias media,
Sources from the news agency considered this security breach extremely serious, hundreds of secret and confidential documents sent by NATO to Portugal are for sale on the dark web.
“It was a prolonged and undetectable cyberattack, via bots programmed to detect this type of documents, which were then deleted in several stages,” explained one of these sources.
Threat actors released samples of the stolen documents as evidence of the hack.
The documents were spotted by the American information services which immediately alerted the American Embassy in Lisbon, which notified the Portuguese authorities.
“NATO will have asked for explanations and guarantees from the Portuguese government and next week, on behalf of António Costa, they should go to NATO headquarters in Brussels for a high-level meeting at the Bureau of NATO Security, the Secretary of State for Digitization and Administrative Modernization, Mário Campolargo, who oversees the GNS, and the Director General of this office, Vice Admiral Gameiro Marques, who is responsible for information security classified sent to our country. continues the site
The National Security Office (GNS) and Portugal’s National Cybersecurity Center have launched an investigation into the incident to determine the extent of the data breach.
According to the initial investigation, the documents were exfiltrated from the systems of the EMGFA, military secrecy (CISMIL) and the Directorate General of National Defense Resources.
Investigators found that security rules for the transmission of classified documents had been violated and that threat actors had been able to access the Integrated Military Communications System (SICOM) and receive and transmit classified documents.
“the exchange of information between allies in terms of information security is permanent at bilateral and multilateral levels. In the event of suspicion of compromise of the cybersecurity of the Information System networks, the the situation is analyzed in depth and all procedures to enhance cybersecurity awareness and correct handling of information to deal with new types of threats are implemented. disciplinary and/or criminal law automatically determines the adoption of appropriate procedures. said the spokeswoman for the Prime Minister of Portugal António Costa points out that
Follow me on Twitter: @securityaffairs and Facebook
(Security cases – hacking, NATO)