Cyber-Attack Results in Classified NATO Documents Sold on the Dark-Net


Portugal’s Armed Forces (EMGFA) have been targeted by a cyber-attack. The breach resulted with many classified NATO documents stolen. Portuguese authorities did not have any suspicions up until being notified by US intelligence. Some sources now claim that these documents are already up for sale on the dark-net.

About the Breach

EMGFA is the agency overseeing the Portuguese armed forces. The agency is responsible for the planning and control of any armed forces operation. According to media sources, the EMGFA only became aware of the cyber-attack too late. That came after the US intelligence reached out to the countries prime minister directly. Experts from the National Security Office were immediately dispatched to the armed forces. The case is now being handled directly by the prime ministers office.

The breach seems to have mainly affected the computers of the CISMIL branch of the armed forces. The CISMIL branch is responsible for handling all the classified documents and military secrets. Specifically the lines used by the agency for receiving and forwarding these documents were breached. Some sources claim that human error was involved, and the lines used lacked encryption and additional security.

According to Portuguese media, hundreds of classified documents have ended up in the wrong hands as a result of the breach. There are worries about the hackers gaining access earlier than thought. If so more unknown classifies information could have been breached. Investigators are working to determine the exact extend of the breach.

US intelligence confirmed that the documents are now available for sale on the dark-net. The situation has been deemed to be of “extreme gravity”. A source from the Portuguese armed forces made a statement. “The government can guarantee that the Ministry of National Defence and the Armed Forces are working every day so that Portugal’s credibility as a founding member of the Atlantic Alliance remains intact.“

Worries of Carelessness or Treason

Alarms started being raised all around NATO states after the breach came to light. Some suspect negligence, or even possible treason, leading to the documents leak. The possibility of treason is unlikely, but as claimed by many sources, negligence is the potential cause. If it in fact true, unsecured communications lines have been used by the CISMIL to send and receive classified documents. SICOM (integrated System of Military Communications) has to be used in such cases. Allies insist that advanced, and in-depth investigations are needed. Some even insist that a criminal investigation must be launched.


This breach is yet another major cyber-security incident to occur in recent years. Cyber-attacks have been rising exponentially over the last few years, with the trend not slowing down. This latest breach is the 2nd major cyber-attack to be investigated by NATO this year. Recently 70GB of data from MDBA, the 2nd largest missile manufacturer have been placed for sale. Investigations are expected to continue, so far, not much more is being commented on the situation.




Oct. 30, 2022

Help where info

Sept. 19, 2022