Sep 9 – In Portugal, hundreds of classified NATO documents were accidentally leaked after a cyber attack affecting the Portuguese government’s Department of Defence (DoD). US intelligence officials identified the documents as for sale on online forums.

Portuguese General Staff of the Armed Forces (EMGFA) representatives, who work within the nation’s Department of Defence, stated “We do not discuss alleged leaks of classified information” when certain media outlets reached out for comment.

Stealth attack

The Department has since determined that rules surrounding the secure transmission of classified documents had not been upheld. Unsecured channels were used to receive and share the documents, when in fact the Integrated System of Military Communications (SICOM) should have been used.

Sources say that the attack quietly persisted within network systems for a prolonged length of time, remaining undetectable. The sources also suggested that attackers leveraged specially developed bots in order to scour exfiltrated documents for certain types of information.

Technical details

The computers used by the Portuguese General Staff of the Armed Forces are air-gaped. However, the exfiltration used standard non-secure lines. As a result, current information suggests that the top military body may have broken its own operational rules at some point.

Parliament response

Members of the Portuguese parliament expressed surprise concerning the classified military documents that were leaked and the fact that the country’s intelligence services failed to detect the highly critical breach. Hearings pertaining to the incident were scheduled quickly.

For more on this story, click here. Lastly, to receive more timely cyber security news, insights into emerging trends and cutting-edge analyses, please sign up for the cybertalk.org newsletter.