NATO member Montenegro grapples with massive cyberattack it blames on Russia
At government headquarters in NATO member Montenegro, computers are unplugged, the internet is switched off and the state’s main websites are down amid a massive cyberattack that officials say bears the hallmark of pro-Russian hackers and its security services.
The coordinated attack that started around Aug. 20 crippled online government information platforms and put Montenegro’s essential infrastructure, including banking, water and electricity power systems, at high risk.
The attack, described by experts as unprecedented in its intensity and the longest in the tiny Balkan nation’s recent history, is one of a string of cyberattacks that have occurred in Europe, mostly NATO member states, since Russia invaded Ukraine on Feb. 24.
Sitting at his desk in Montenegro’s capital, Podgorica, in front of a blackened PC screen, Defense Minister Rasko Konjevic said government officials were advised by cyber experts, including a team of FBI investigators who were dispatched to Montenegro, to go offline for security reasons.
“We have been faced with serious challenges related to the cyberattack for about 20 days, and the entire state system, the system of state administration and the system of services to citizens are functioning at a rather restrictive level,” Konjevic told the Associated Press.
He said experts from several countries are trying to help restore the Montenegro government’s computer system and find proof of who is behind the attack.
A full-scale Russian invasion of Ukraine appears imminent, but the two countries have for years been locked in cyber combat.
Montenegrin officials said the attack that crippled the government’s digital infrastructure was likely carried out by a Russian-speaking ransomware gang that generally operates without Kremlin interference as long as it doesn’t target Russian allies. The gang, called Cuba ransomware, claimed responsibility for at least part of the Montenegro cyberattack, in which it created a special virus for the attack called Zerodate.
Montenegro’s Agency for National Security blamed the attack squarely on Russia.
Russia has a strong motive for such an attack because Montenegro, which it once considered a strong ally, joined NATO in 2017 despite the Kremlin’s opposition. It has also joined Western sanctions against Moscow over the Ukraine invasion, which led Moscow to brand Montenegro an “enemy state” along with several other countries that joined the embargo.
“In such attacks, there are usually organizations that are a mask for state intelligence services,” Konjevic said, adding that the defense ministry’s NATO-related data were protected “in a special way” while the other possible leaks “are being investigated.”
Russia’s invasion of Ukraine rang alarm bells in Stockholm and Helsinki, which decided to end decades of nonalignment and apply for NATO membership.
The cyberattack comes amid an apparent attempt by Moscow to destabilize the Balkan region, which was at war in the 1990s through the Kremlin’s Balkan ally Serbia, and thus at least partly shift the world’s attention from the war in Ukraine.
Montenegro, which split from much larger Serbia in 2006, is currently run by an interim government that has lost parliamentary support because of Prime Minister Dritan Abazovic ’s shady deals with the influential Serbian Orthodox Church without the consent of the whole coalition that supported the government.
Montengro’s roughly 620,000 people are deeply split between those who want the country to restore its close ties to Serbia and Russia and those who want it to continue on its path of European Union membership.
“A real war is being waged in Ukraine, with bombs, a war of conquest by Russia,” political analyst Zlatko Vujovic said. “Something similar is happening in Montenegro. There are no bombs, but there is a huge tension, a huge hybrid conflict in which the interests of Russia and its and Serbian intelligence services are interconnected.”
L.A. couple facing prison for stealing $18 million in a pandemic relief scam took a private jet to the Balkans and vanished into a posh town on the Mediterranean.
Other Eastern European states deemed enemies of Russia have also faced cyberattacks, mostly nuisance-level denial-of-service campaigns that render websites unreachable by flooding them with junk data but don’t damage them. Targets have included networks in Moldova, Slovenia, Bulgaria, North Macedonia and Albania.
Last week, Albania severed diplomatic relations with Iran and kicked out its diplomats after a cyberattack in July that it blamed on the Islamic Republic.
“Montenegro remains a target within both the public and private sector, as well as many other countries in that region,” said Patrick Flynn, head of the advanced programs group at Trellix, a U.S.-based cybersecurity company. “We have observed a blend of historically based nation-state actors and well-known ransomware groups.”
Start your day right
Sign up for Essential California for the L.A. Times biggest news, features and recommendations in your inbox six days a week.
You may occasionally receive promotional content from the Los Angeles Times.