Targeted cyberattack takes out Vodafone Portugal

10 Feb 2022

Image: © Tobias Arhelger/

The attack on Vodafone’s network comes a month after hackers took out two of Portugal’s major media websites.

A “deliberate and malicious” cyberattack on Vodafone Portugal on Monday night (7 February) caused disruption to some emergency services reliant on the network.

As well as Vodafone’s mobile voice and data, fixed-line voice, SMS and answering services being impacted, the national ambulance service and some fire brigades were reportedly disrupted by the attack.

ATMs on Portugal’s Multibanco network were also rendered unavailable at times until midnight on Monday.

Vodafone’s television service in Portugal was not directly impacted by the cyberattack but some customers did report disruption as work was ongoing to restore interconnections between systems.

Vodafone Portugal CEO Mário Vaz described the attack as a “criminal act” that had been deliberately made. Vaz also warned at a press conference on Tuesday (8 February) that full recovery of services would take some time.

Some services had already been restored early Tuesday, such as voice and 3G data, while 4G mobile data services were expected to follow soon after.

In an update on Wednesday (9 February), progress had been made on restoring fixed-line voice services, an important service for Vodafone’s business customers in particular. Vodafone also reported that it was working to restore customer support services, which continued to face “instability”.

Vodafone Portugal assured customers that there was no evidence to indicate that data had been accessed or compromised.

Details of the Vodafone Portugal attack have not been revealed, but Vodafone’s cybersecurity professionals were put to work alongside the relevant authorities to conduct an “in-depth investigation”.

Commenting on the attack, Sam Linford, a vice-president at cybersecurity company Deep Instinct, said that past successes are prompting cybercriminals to go after similar targets.

“In the past we have seen ransomware crime groups go after hospitals trying to deal with the Covid-19 pandemic, and most recently they have attacked the Red Cross’ third-party data storage provider.”

While Vodafone responded as soon as an attack was detected, Linford flagged that the problem with endpoint detection and response is that an attack has to be executed before it is identified as either malicious or benign.

“[This] is too slow when the fastest ransomware attacks can encrypt data within 15 seconds,” he said. “Organisations need to invest in solutions that use technology such as deep learning, which can deliver a sub-20 millisecond response time to stop malware pre-execution and before it can take hold.”

Last month, the websites of the Expresso newspaper and SIC TV channel, two of Portugal’s major media sources, were hit by a ransomware attack credited to the hacker group Lapsus$.

The group also claimed to gain control of the Amazon Web Services account of Impresa, the media conglomerate that owns Expresso and SIC. Phishing emails were sent to Expresso subscribers and hackers sent tweets from the site’s compromised Twitter account.

Updated, 11.35am, 10 February 2022: This article has been updated to include comments from Sam Linford.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Elaine Burke is the host of For Tech’s Sake, a co-production from Silicon Republic and The HeadStuff Podcast Network. She was previously the editor of Silicon Republic.