Portugal’s General Staff of the Armed Forces (EMGFA) has been targeted by a “prolonged and unprecedented” cyber attack, resulting in the leak of a raft of secret NATO documents, local media outlets reported on Thursday.
According to Diario de Noticias newspaper, the Portuguese government was not even aware of the attack until the US informed it of the breach, which has been classified by the nation’s authorities as “extremely serious.”
The outlet’s sources claim that it was the US intelligence community that found “hundreds” of confidential or secret NATO documents put up for sale on the dark web. According to the report, the notice on the discovery was sent directly to Antonio Costa, the nation’s prime minister, last August.
A spokesperson for the US embassy in Lisbon would neither confirm nor deny the report, saying they do not comment on intelligence matters.
The report indicates that the General Staff has conducted a comprehensive audit of its internal systems and managed to identify the computers from which the NATO documents were stolen. The agency also found that rules related to the secure transmission of classified documents had been broken.
“This cyberattack was prolonged in time and undetectable and used bots programmed to detect types of document,” one of the outlet’s sources noted, adding that information was extracted in several phases.
The outlet says that NATO will demand explanations and guarantees from the Portuguese government, and an unnamed official told the outlet that the government can guarantee that its armed forces will “work daily so that Portugal's credibility, as a founding member of the Atlantic Alliance, remains intact.”
The data leak comes after NATO claimed in late August that the bloc was investigating a hacking of missile firm MBDA by unknown malicious actors. According to media reports, the hackers had put blueprints of weapons used by Ukraine in its conflict with Russia on sale on the dark web.