Unprecedented cyber attack hit State Infrastructure of Montenegro

The state Infrastructure of Montenegro was hit by a massive and “unprecedented” cyber attack, authorities announced.

An unprecedented cyber attack hit the Government digital infrastructure in Montenegro, the government has timely adopted measures to mitigate its impact.

Montenegro immediately reported the attack to other members of the NATO alliance.

“Certain services were switched off temporarily for security reasons but the security of accounts belonging to citizens and companies and their data have not been jeopardised,” said Public Administration Minister Maras Dukaj.

According to the Minister, the attack began on Thursday night. The US embassy in Montenegro advised U.S. citizens to limit movement and travel in the country to the necessities and have travel documents up to date and easily accessible, fearing that the attack could impact government infrastructure for the identification of people residing in Montenegro and the transportation.

“A persistent and ongoing cyber-attack is in process in Montenegro,” reported the website of the U.S. Embassy in the capital Podgorica. “The attack may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors.”

The National Security Agency issued a warning to organizations operating critical infrastructure.

The state-owned power utility EPCG has switched its operation to manual handling to prevent any possible damage, explained Milutin Djukanovic, president of the EPCG Board of Directors.

The company also opted to temporarily deactivate some clients’ services as a precaution. The Government believes that the attack was orchestrated by a nation-state actor.

“Outgoing Prime Minister Dritan Abazovic called a session of the National Security Council for Friday evening to discuss the attack. Abazovic said it was politically motivated following the fall of his government last week.” reported the Reuters.

In June 2017, Montenegro was targeted by the Russia-linked hacker group APT28 after Montenegro officially joined NATO alliance despite the strong opposition from the Russian Government that threatened to retaliate.

In February 2017, for the second time in a few months, Montenegro suffered massive and prolonged cyberattacks against government and media websites. Researchers at security firm FireEye who analyzed the attacks observed malware and exploits associated with the notorious Russia-linked APT group known as APT28 (aka Fancy Bear, Pawn Storm, Strontium, Sofacy, Sednit, and Tsar Team).

Another massive attack hit the country’s institutions during October 2016 elections, amid speculation that the Russian Government was involved.

At the time, Hackers targeted Montenegro with spear phishing attacks, the malicious messages used weaponized documents pertaining to a NATO secretary meeting and a visit by a European army unit to Montenegro.

The hackers delivered the GAMEFISH backdoor (aka Sednit, Seduploader, JHUHUGIT and Sofacy), a malware that was used only by the APT28 group in past attacks.

In January 2020, the Chairman of the NATO Military Committee (MC), Marshal Sir Stuart Peach, announced the effort of the Alliance in facing Russian hybrid attacks.

The term “Hybrid warfare” refers to a military strategy which employs political warfare and blends conventional warfare, irregular warfare and cyberwarfare with other influencing methods, such as fake news, diplomacy, lawfare and foreign electoral intervention.

Peach said that the NATO alliance had set up the first NATO counter-hybrid team in Montenegro.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Montenegro)

[adrotate banner=”5″]

[adrotate banner=”13″]