Non-Military Security Technology and Innovations

FBI team investigates massive cyber-attack in Montenegro

Kristína Lintnerová

In late August and early September of this year, the Montenegrin government and its services were victims of a large-scale coordinated cyber-attack. Government websites, including those of the Ministries of Defence, Finance, and Interior, remained inaccessible. Officials said that several government websites were shut down “for security reasons” in time, and thus the data of citizens or local businesses were not compromised. A team of FBI cyber experts has headed to the small Balkan country following the attack to help investigate.

Dusan Polovic, the director of information and security, said the malware attacked 150 computers in a dozen state institutions and that the data of the Ministry of Public Administration was not permanently damaged. However, some tax collections in the retail sector were affected.

The attack also targeted Montenegro’s water supply systems, transport, and online government services. Although the attacks lasted several days, state infrastructure was not permanently damaged, government officials say. “Our NATO allies are helping us overcome the most serious challenge Montenegro has faced in cyberspace,” Maras Dukaj, the country’s public administration minister, said on Twitter. 

Montenegro’s national security office blamed Russia for the attack, though without providing any evidence for its claims. The attack, a combination of ransomware and a distributed denial-of-service (DDoS) attack, disrupted government services and forced the country’s energy companies to switch to manual management.

According to the findings of Profero, a cybersecurity firm, a racketeering gang that included Russian speakers and infected a parliamentary office with ransomware known as Cuba claimed responsibility for at least part of the attack. These Russian-speaking cybercriminals usually operate on their own, with the Kremlin only intervening if they attack countries friendly to Russia.

Montenegrin officials have said that Russia would theoretically have a motive for such an attack, as the Balkan state, once considered a strong Russian ally, joined NATO in 2017 despite strong opposition from the Kremlin. Moreover, Montenegro joined Western sanctions against Moscow following Russia’s invasion of Ukraine. The U.S. Embassy in Podgorica issued a rare warning on Friday, saying the attack could involve a “disruption to public services, transportation (including border crossings and airport services), and the telecommunications sector.” 

Cybersecurity cooperation between Montenegro and the U.S. goes back to 2020. Before the elections, the U.S. Army Cyber Command sent a team of experts to Podgorica to help the Balkan country strengthen its cyber defences against possible attacks from abroad. 

Other Eastern European countries critical of Russia have also recently been subjected to cyber (mostly DDoS) attacks, which render websites inaccessible by flooding them with unsolicited data packets but do not corrupt data. Networks in Moldova, Slovenia, Bulgaria and Albania have been targeted.

The course and impact of the Montenegro attack show that the cyber infrastructure of former Eastern bloc countries is still very vulnerable to this type of aggression. While cooperation with the FBI shows that the attacked countries can get help from abroad in such cases, they also need to develop their own cybersecurity capabilities to prevent such attacks more effectively. Relatively simple cyber-attacks should not be underestimated: they can cause widespread damage in a short period of time.

Photo credit: Canva.com
