Cyber Incident Victim: Ministério dos Negócios Estrangeiros

On or around February 18, 2022, the Portuguese Ministry of Foreign Affairs (Ministério dos Negócios Estrangeiros, MNE) experienced a cybersecurity incident involving unauthorized access to its systems. The intrusion disrupted the ministry's email services, leaving diplomats and staff at the Palácio das Necessidades headquarters without electronic communication capabilities beginning on February 17. Portugal's Serviço de Informações de Segurança (SIS) detected the breach, though investigators had not yet identified the attack's origin at the time of reporting. Preliminary assessments indicated the possibility of compromise to classified state information, though the full scope of data exposure remained under investigation. The incident prompted immediate operational disruptions within diplomatic communications channels, though physical consular services reportedly continued without interruption.

The Polícia Judiciária (PJ) initiated a criminal investigation to determine whether the breach extended beyond the MNE's systems to affect the broader Rede Informática do Governo (RING), Portugal's centralized government network infrastructure. Authorities did not publicly confirm any lateral movement within RING or compromise of other government entities. No ransomware deployment or public data leaks were reported in connection with the incident during the initial response phase. The SIS maintained lead responsibility for technical forensic analysis while coordinating with judicial police on attribution efforts. Service restoration timelines for email systems remained unspecified in available reporting, with no immediate claims of responsibility by threat actors documented in public sources.