Montenegro’s department of the interior made the announcement Wednesday, though its official website was still down, alongside government defense and finance websites. Montenegro’s high-ranking police officials met with the FBI’s legal attache the same day, and agreed that the FBI’s Cyber Action Teams (CAT) should assist with the investigation.
What We Know About the Montenegro Cyber Attacks
The country’s officials described the attacks — which targeted several government agencies and services — as “unprecedented.” According to Maras Dukaj, the country’s Public Administration Minister, 150 workstations in 10 state institutions were affected. Dukaj first warned the public about the cyberattacks on August 26. However, this was the second wave of cyberattacks to hit the Balkan country in a short span. Just a week prior, Montenegro faced an attack shortly after a no-confidence vote forced Prime Minister Dritan Abazovic to resign. Apparently, hackers targeted the electricity and water supply systems, transportation services, as well as several online portals for state services. The Montenegro government pushed its state-managed IT infrastructure offline to prevent any further damage. Several power plants were switched to manual operations. “Although certain services are currently temporarily disabled for security reasons, the security of the accounts of citizens and business entities and their data are not in any way endangered,” Dukaj tweeted. The U.S. embassy in Montenegro put out a security alert warning American citizens about the attack and the potential risks. “A persistent and ongoing cyber-attack is in process in Montenegro. The attack may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors,” the alert reads.
Montenegro Suspects Russian Hand in Attacks
Montenegro has blamed Russia, speculating that the attack is a direct response to joining western sanctions against the warring country. Montenegro also expelled several Russian diplomats recently. Rasko Konjevic, the Balkan country’s defense minister, said that individuals could not carry out such sophisticated attacks. “Who could have some kind of political interest in inflicting such damage on Montenegro? I think there is enough (evidence) to suspect that Russia is behind the attack,” Konjevic said to state television. However, the Cuba ransomware group has taken responsibility for the attacks. While the group has some Russian-speaking members, cybersecurity firm Profero said it is unlikely that it is state-sponsored. Since last year, the group has carried out cyber attacks against several American organizations, including the California DMV. In December 2021, the FBI said the ransomware compromised at least 49 entities in five critical infrastructure sectors. The group is known to use a variety of tools such as information-stealing malware, Remote Access Trojans (RATs), in addition to ransomware.