The U.S. Federal Bureau for Investigation (FBI) will deploy a team of cyber experts to Montenegro to examine a massive, coordinated attack on the Balkan nation's digital infrastructure, the interior ministry announced on Wednesday.
The rapid deployment of the FBI cyber team suggests "the excellent cooperation between the United States of America and Montenegro and proof that we can count on their support in any situation," said Montenegro's Ministry of Internal Affairs.
Last week, a combination of ransomware and DDoS attacks disrupted government services and prompted the nation's electrical utility to switch to manual control. Montenegro's Agency for National Security accused Russia of being responsible for them and has said that up to €2.5mn were invested to launch cyber-attacks.
“Coordinated Russian services are behind the cyber attack,” the ANB stated. “This kind of attack was carried out for the first time in Montenegro and it has been prepared for a long period of time.”
According to Dusan Polovic, the Director of the Directorate for Information Security, twelve state entities had 150 computers laced with malware following the assault, and while there was no permanent damage to Ministry of Public Administration data, certain retail tax collection was affected.
The infected stations have been removed from the network and hard drives have been removed from them for further forensics, he said, adding that the priority is to put the tax system into operation, but this will be done only when it is completely secure.
Government officials have confirmed that National Security Agency (ANB) suspected that Kremlin was behind the attacks, saying they could be retaliation after Montenegro joined NATO in 2017 despite strong opposition from Russia. It also joined Western sanctions against Moscow because of its invasion of Ukraine in February.
On Friday, the U.S. Embassy in Podgorica recommended U.S. citizens restrict movement and travel in the country to the necessities and have travel documents up to date and easily accessible, fearing that the attack could disrupt transportation (including border crossings and airport), and telecommunication sectors.
Recently, Russia has also targeted multiple Eastern European nations including Moldova, Slovenia, and Bulgaria, via denial-of-service campaigns, which render websites unreachable by flooding them with junk data packets but don't damage data.
But the assault against Montenegro's infrastructure seemed more coordinated, with targets including water supply systems, transportation services, and online government services, among many others.