An unprecedented cyber attack hit Montenegro's government digital infrastructure, and the government promptly implemented measures to mitigate its impact.
Montenegro immediately reported the attack to other NATO members.
“Certain services were switched off temporarily for security reasons but the security of accounts belonging to citizens and companies and their data have not been jeopardised,” said Public Administration Minister Maras Dukaj.
The attack, according to the Minister, began on Thursday night. Fearing that the attack would disrupt transportation and the government infrastructure used to identify people living in Montenegro, the US embassy in Montenegro recommended that US citizens limit their movement and travel within the country to the necessities and keep their travel documents up to date and easily accessible.
The National Security Agency issued a warning to critical infrastructure organisations.
“A persistent and ongoing cyber-attack is in process in Montenegro,” reported the website of the U.S. Embassy in the capital Podgorica.
“The attack may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors.”
EPCG, the state-owned power utility, has switched to manual handling to avoid any potential damage, according to Milutin Djukanovic, president of EPCG. The company decided to temporarily disable some of its clients' services as a safety measure.
The government believes the attack was carried out by a nation-state actor.
“Outgoing Prime Minister Dritan Abazovic called a session of the National Security Council for Friday evening to discuss the attack. Abazovic said it was politically motivated following the fall of his government last week,” reported Reuters.
Previous Attacks
Montenegro was targeted by the Russia-linked hacker group APT28 in June 2017 after it officially joined the NATO alliance, amidst strong opposition from the Russian government, which threatened retaliation.
Montenegro experienced massive and prolonged cyberattacks against government and media websites in February 2017, for the second time in a few months. FireEye researchers who analysed the attacks discovered malware and exploits associated with the notorious Russia-linked APT group known as APT28 (aka Fancy Bear, Pawn Storm, Strontium, Sofacy, Sednit, and Tsar Team).
Another massive attack was launched against the country's institutions during the October 2016 elections, sparking speculation that the Russian Government was involved. At the time, hackers launched spear phishing attacks against Montenegro, using weaponized documents related to a NATO secretary meeting and a visit by a European army unit to the country.
The hackers distributed the GAMEFISH backdoor (also known as Sednit, Seduploader, JHUHUGIT, and Sofacy), malware used only by the APT28 group in previous attacks.
Marshal Sir Stuart Peach, Chairman of NATO's Military Committee (MC), announced the Alliance's effort to counter Russian hybrid attacks in January 2020.
The term "hybrid warfare" refers to a military strategy that combines political warfare, irregular warfare, and cyberwarfare with other methods of influencing, such as fake news, diplomacy, lawfare, and foreign electoral intervention.