View of the Montenegrin government building in Podgorica, Montenegro, Monday, September 12, 2022. At the government headquarters in NATO member Montenegro, computers are offline, the Internet is down and the state’s main websites are down. The blackout comes amid a massive cyber attack on the small Balkan state that officials say is being traced back to pro-Russian hackers and its security services. The coordinated attack that began around August 20 crippled online government information platforms and put Montenegrin’s key infrastructure, including banks, water and electricity systems, at high risk. The attack, described by experts as unprecedented in its intensity and the largest in the small nation’s recent history, capped a string of cyberattacks since Russia invaded Ukraine, where hackers have targeted Montenegro and other European nations, most of which of NATO. Sitting in his office in the Montenegrin capital Podgorica in front of a blacked-out computer screen, Defense Minister Rasko Konjevic said government officials had been told by cyber experts, including a team of FBI investigators sent to the Balkan state, to go offline for safety causal. “We’ve been facing serious challenges related to the cyber attack for about 20 days, and the entire government system, government administration system and citizen service system are operating at a rather restrictive level,” Koniewicz told The Associated Press. . He said experts from various countries are trying to help restore the Montenegrin government’s computer system and find evidence of who is behind the attack. Montenegrin officials said the attack that crippled the government’s digital infrastructure was likely carried out by a Russian-speaking ransomware gang that generally operates without Kremlin interference as long as it does not target Russian allies. The gang, called Cuba ransomware, claimed responsibility for at least part of the cyber attack in Montenegro, during which it created a special virus for the attack called Zerodate. Montenegro’s National Security Service blamed the attack squarely on Russia. Russia has a strong incentive for such an attack because Montenegro, once considered a strong ally, joined NATO in 2017 despite opposition from the Kremlin. It has also joined Western sanctions against Moscow over its invasion of Ukraine, which led Moscow to label Montenegro an “enemy state” along with several other countries that joined the embargo. “In such attacks, there are usually organizations that act as a mask for state intelligence services,” Konjevic said, adding that Defense Ministry data related to NATO is being protected “in a special way” while other possible leaks are “being investigated.” The cyberattack comes amid an apparent attempt by Moscow to destabilize the Balkan region that was at war in the 1990s through the Kremlin’s Balkan ally, Serbia, and thereby at least partially shift the world’s attention away from the war in Ukraine. Montenegro, which broke away from much larger Serbia in 2006, is currently run by an interim government that has lost parliamentary support due to Prime Minister Dritan Abazovic’s shady dealings with the powerful Serbian Orthodox Church without the consent of the entire coalition he backed the government. Montenegro’s roughly 620,000 residents are deeply divided between those who want the country to restore its close ties with Serbia and Russia and those who want to continue on its path to European Union membership. “A real war is being waged in Ukraine, with bombs, a war of conquest by Russia,” said political analyst Zlatko Vujovic. “Something similar is happening in Montenegro. There are no bombs, but there is a huge tension, a huge hybrid conflict in which the interests of Russia and its intelligence services and Serbia are intertwined.” Other Eastern European states seen as enemies of Russia have also faced cyberattacks, mostly nuisance-level denial-of-service campaigns that make websites inaccessible by flooding them with spam, but do no harm. Targets include networks in Moldova, Slovenia, Bulgaria, North Macedonia and Albania. Last week, Albania severed diplomatic relations with Iran and expelled its diplomats after a July cyber attack it blamed on the Islamic Republic. “Montenegro remains a target in both the public and private sectors, as well as many other countries in this region,” said Patrick Flynn, head of the advanced programs group at Trellix, a US-based cybersecurity firm. “We observed a mix of historically based nation-state actors and known ransomware groups.” “This recent focus on NATO member countries reinforces the need for hypervigilance in key operations as well as government (and) critical infrastructure cybersecurity environments,” he said in an email to the AP.
