Russian Hackers Target Portuguese Officials in Cyber-Espionage Campaign

Portugal's domestic intelligence agency, the Serviço de Informações de Segurança, has publicly warned that a state-sponsored cyber-espionage campaign is actively targeting the messaging accounts of government officials, diplomats, and military personnel across the country. No Portuguese minister has fallen victim so far, but the scale and sophistication of the operation have prompted an urgent advisory.

The attackers are not exploiting flaws in WhatsApp or Signal encryption — both platforms remain technically secure. Instead, the campaign relies on social engineering: fake technical support contacts, QR code scams known as "quishing," and identity theft designed to trick targets into voluntarily surrendering their login credentials and two-factor authentication codes. Once inside an account, operatives can read private conversations, download shared files, add unauthorized devices, and launch secondary phishing campaigns using the victim's contact list.

Who Is Behind It

The SIS did not publicly name the foreign government sponsoring the operation, but Dutch intelligence services have attributed similar attacks to Russian operatives, and Portuguese media outlet Expresso has reported the same. Security analysts note that Russia, along with Iran and North Korea, regularly appears in global threat reports as a state that funds and directs cyber-espionage campaigns against Western targets.

Minister of the Presidency António Leitão Amaro addressed reporters following a cabinet meeting, confirming that the coalition executive adheres to security best practices. He made a pointed reference to past lapses, noting that "government deliberations are not conducted through WhatsApp — those days are gone." The remark was widely interpreted as a dig at the previous administration, when a minister authorized an official decision regarding the national airline TAP via instant messaging.

The AI Factor

What makes this campaign particularly concerning is the integration of artificial intelligence tools. AI-powered systems allow attackers to assume convincing identities, mimic linguistic patterns, and craft personalized messages that appear authentic. A phishing email that might once have been caught by a clumsy translation or generic greeting can now be tailored to the target's communication style and professional context.

For anyone living in Portugal who uses messaging apps for sensitive communications — and that increasingly includes not just officials but journalists, lawyers, business executives, and civil society figures — the practical advice from cybersecurity experts is clear. Never share verification codes with anyone, regardless of how legitimate the request appears. Enable two-step verification on all messaging platforms. Be skeptical of unsolicited contact requests, especially those that reference professional credentials or claim to be from technical support. And review linked devices in your messaging app settings regularly — unauthorized devices are a telltale sign of compromise.

The threat extends beyond government circles. As remote work and digital communication become the norm across Portugal's professional landscape, the same techniques used against diplomats can easily be adapted to target business owners, academics, and anyone whose contacts or communications have value to a foreign intelligence service.