PODGORIC – At the seat of government in NATO-member Montenegro, computers are unplugged, the internet is down, and major state websites are down. The outage comes amid a massive cyberattack on the tiny Balkan state that officials say bears the hallmark of pro-Russian hackers and its security services.
The coordinated attack that began around August 20 crippled online government news platforms and put Montenegro’s critical infrastructure, including banking, water and electricity systems, at high risk.
The attack, described by experts as unprecedented in its intensity and the longest in the small nation’s recent history, capped a series of cyberattacks since Russia invaded Ukraine in which hackers targeted Montenegro and other European countries, mostly NATO members.
Sitting at his desk in Montenegro’s capital, Podgorica, in front of a blacked-out computer screen, Defense Minister Rasko Konjevic said government officials had been advised by cyber experts, including a team of investigators from the FBI who was dispatched to the Balkan state, to go offline for security reasons. the reasons.
“We have been facing serious challenges from the cyberattack for about 20 days, and the whole state system, state administration system and citizen service system are operating at a rather restrictive level.” , Konjevic told The Associated Press. .
He said experts from several countries are trying to help restore Montenegro’s government computer system and find evidence of who is behind the attack.
Officials in Montenegro said the attack that crippled the government’s digital infrastructure was likely carried out by a Russian-speaking ransomware gang that typically operates without Kremlin interference as long as it doesn’t target Russian allies. The gang, called Cuba ransomware, claimed at least part of the cyberattack in Montenegro, in which it created a special virus for the attack called Zerodate.
The Montenegrin National Security Agency blamed the attack on Russia.
Russia has a strong motive for such an attack because Montenegro, which it once considered a strong ally, joined NATO in 2017 despite opposition from the Kremlin. It also joined Western sanctions against Moscow following the invasion of Ukraine, which led Moscow to label Montenegro an “enemy state” along with several other countries that joined the embargo.
“In such attacks, there are usually organizations that mask state intelligence services,” Konjevic said, adding that Defense Ministry data related to NATO is protected “in a special way. ‘ while the other possible leaks ‘are being investigated’.
The cyberattack comes amid an apparent attempt by Moscow to destabilize the Balkan region that was at war in the 1990s through Serbia, a Kremlin ally in the Balkans, and thus at least partly divert the world’s attention to the war in Ukraine.
Montenegro, which split from much larger Serbia in 2006, is currently ruled by an interim government that has lost parliamentary support due to Prime Minister Dritan Abazovic’s shady deals with the influential Serbian Orthodox Church without consent. of the entire coalition that supported the government. .
The approximately 620,000 inhabitants of Montenegro are deeply divided between those who want the country to re-establish its close ties with Serbia and Russia and those who want it to continue on the path to European Union membership.
“A real war is being waged in Ukraine, with bombs, a war of conquest by Russia,” said political scientist Zlatko Vujovic. “Something similar is happening in Montenegro. There are no bombs, but there is a huge tension, a huge hybrid conflict in which the interests of Russia and its Serbian intelligence services are interconnected.
Other Eastern European states considered enemies of Russia have also faced cyberattacks, mainly harmful denial of service campaigns that render websites inaccessible by flooding them with unwanted data, but do not not damage. Targets have included networks in Moldova, Slovenia, Bulgaria, North Macedonia and Albania.
Albania last week severed diplomatic ties with Iran and expelled its diplomats after a July cyberattack it blamed on the Islamic Republic.
“Montenegro remains a target for both the public and private sectors, as well as many other countries in this region,” said Patrick Flynn, group manager for advanced programs at Trellix, a US-based cybersecurity company. United States. “We observed a mix of story-based nation-state actors and well-known ransomware groups.”
“This recent focus on NATO member nations reinforces the need for hypervigilance within key businesses as well as government (and) critical infrastructure cybersecurity environments,” he said in an e-mail. email to AP.
AP writer Predrag Milic contributed.
Copyright 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.