A sophisticated, long-running cyberattack targeted Portuguese military networks, resulting in the exfiltration of classified NATO documents. The intrusion primarily affected systems in the Estado-Maior-General das Forças Armadas (EMGFA), Centro de Informações de Segurança Militares (CISMIL), and the Direção-Geral de Recursos de Defesa Nacional (DGRDN).
Investigators found that despite secure channels via Sistema Integrado de Comunicações Militares (SICOM), some classified transfers occurred over non-secure lines, allowing automated bots to detect and extract sensitive material in multiple phases.
The Gabinete Nacional de Segurança (GNS), Centro Nacional de Cibersegurança (CNCS), and Centro Nacional de Ciberdefesa conducted a full audit, confirming protocol lapses and highlighting the importance of strict operational security.
Experts emphasize three pillars of cyber resilience: continuous monitoring, effective counterintelligence, and collaboration with allied partners. This case is a reminder that even advanced defenses can fail if procedures aren’t rigorously followed.
