Vodafone Portugal 4G and 5G services down after cyberattack

Vodafone Portugal suffered a cyberattack causing country-wide service outages, including the disruption of 4G/5G data networks, SMS texts, and television services.

The cyberattack began last night with Vodafone calling the incident "a deliberate and malicious attack intended to cause damage."

The attack mostly affects the provisioning of services on the data network, including 4G/5G network, fixed voice, television, SMS, and voice/digital answering services. 

For now, only the 3G network is available (max 3MB/sec), and as the notice explains, restoring the other services requires prolonged and careful action.

Vodafone Portugal has over four million cellphone subscribers in the country, and another 3.4 million home and business internet customers, so the cyberattack has caused a large-scale problem.

"The in-depth investigation of the criminal act to which we were subjected will continue indefinitely and with the involvement of the competent authorities," reads the translated announcement.

"We have no evidence to date that Customer data has been accessed and/or compromised."

While Vodafone has not disclosed details on the attack, researchers in the threat intelligence community have told BleepingComputer that they believe it was a ransomware attack.

Bleeping Computer has contacted Vodafone Portugal and the Vodafone Group with further questions but has not received a reply from either yet.

Portugal under attack

Recently, the Cofina group, the owner of multiple media outlets in Portugal, suffered a catastrophic ransomware attack from a relatively new cybercrime gang named Lapsus$ group.

Local sources report that the firm's websites returned online only this Sunday, almost a month after the attacks.

The websites feature a complete redesign in many cases, indicating that the locked systems are unrecoverable.

The same can't be said for Impresa, another one of Portugal's most prominent media groups that was also attacked in January 2022 by ransomware and whose main site remains offline.