Portugal’s Internal Security Service (SIS) has, for the first time, explicitly named Russia, China, North Korea and Iran as the main state threats to national security, according to the 2025 Internal Security Report (RASI), as reported by Jornal Expresso.
Unlike previous editions, which referred only to “hostile states”, the report now directly identifies the countries it says are behind activities that endanger both public and private institutions in Portugal.
This development also comes in the context of Macau Chief Executive’s upcoming visits to Portugal and Spain, an agenda yet to be confirmed by the local government. These trips have added diplomatic attention to broader Portugal–China relations at a sensitive geopolitical moment.
The SIS says Russia continues to maintain a wide range of capabilities to gain privileged access and exert pressure on adversaries, including Portugal. Among the main concerns are possible sabotage operations against critical infrastructure such as submarine cables, as well as intelligence gathering and potential targeting of companies involved in supplying military equipment to Ukraine.
Read more about this topic: Macau Chief Executive hopes to make official visit to Portugal in “April or May” 2026
Authorities have also been warning business leaders, researchers and academics under the Knowledge Protection Programme about these risks.
In the cyber domain, the report points to a rise in cyberattacks, cyber-espionage and large-scale operations, with Russia again highlighted alongside China, North Korea and Iran. These states are said to support hacker groups targeting key sectors including energy, telecommunications, healthcare, education and finance, often using advanced tools such as artificial intelligence.
Outside the report, the SIS recently disclosed a global cyber-espionage operation attributed to Russia’s military intelligence service (GRU), which allegedly compromised routers to intercept sensitive government, military and critical infrastructure data. The operation, active since 2024, reportedly enabled access to credentials, communications and browsing data.
The intelligence service says these campaigns show the growing sophistication and global reach of state-backed cyber operations, which often exploit user behaviour rather than platform vulnerabilities.
The warning comes as Portuguese authorities step up efforts to strengthen cyber resilience and protect critical infrastructure.
