FBI is helping Montenegro in investigating the ongoing cyberattack

A team of cybersecurity experts from the US FBI will help the authorities in Montenegro to investigate the recent massive cyberattack.

A team of cybersecurity experts from the FBI is heading to Montenegro to help local authorities in investigating the recent massive cyber attack that hit the government infrastructure last week.

“This is another confirmation of the excellent cooperation between the United States of America and Montenegro and a proof that we can count on their support in any situation,” the ministry said of the deployment of the Cyber Action Team.

Last week, an unprecedented cyber attack hit the Government’s digital infrastructure in Montenegro, and the local authorities timely adopted measures to mitigate its impact.

Montenegro immediately reported the attack to other members of the NATO alliance.

“Certain services were switched off temporarily for security reasons but the security of accounts belonging to citizens and companies and their data have not been jeopardised,” said Public Administration Minister Maras Dukaj.

According to the Minister, the attack began on Thursday night. The US embassy in Montenegro advised U.S. citizens to limit movement and travel in the country to the necessities and have travel documents up to date and easily accessible, fearing that the attack could impact government infrastructure for the identification of people residing in Montenegro and the transportation.

“A persistent and ongoing cyber-attack is in process in Montenegro,” reported the website of the U.S. Embassy in the capital Podgorica. “The attack may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors.”

The National Security Agency issued a warning to organizations operating critical infrastructure.

The state-owned power utility EPCG has switched its operation to manual handling to prevent any possible damage, explained Milutin Djukanovic, president of the EPCG Board of Directors.

The company also opted to temporarily deactivate some clients’ services as a precaution. The Government believes that the attack was orchestrated by a nation-state actor.

The National Security Agency said that Montenegro was “under a hybrid war at the moment.”

The state has been a Russian ally since 2017 when it joined NATO despite strong opposition from Russia, it also expressed support to Ukraine after its invasion.

Now Moscow has added the state to its list of “enemy states” for this reason it is suspected to be the source of the attacks.

“Coordinated Russian services are behind the cyber attack,” the ANB said in a statement. “This kind of attack was carried out for the first time in Montenegro and it has been prepared for a long period of time.”

“I can say with certainty that this attack that Montenegro is experiencing these days comes directly from Russia.” said Dusan Polovic, a government official.

However, a cybercriminal extortion gang has claimed responsibility for at least part of the attack, the systems at a parliamentary office were infected with a variant of Cuba ransomware.

On Monday, government officials confirmed that the attack on the information system of institutions was still ongoing, fortunately without impact.

“A huge amount of money was invested in the attack on our system”, said Minister of Public Administration Maras Dukaj He added that his ministry cannot determine the source of the attack, but that there is “strong indication that it is coming from Russia.”

In June 2017, Montenegro was targeted by the Russia-linked hacker group APT28 after Montenegro officially joined NATO alliance despite the strong opposition from the Russian Government that threatened to retaliate.

In February 2017, for the second time in a few months, Montenegro suffered massive and prolonged cyberattacks against government and media websites. Researchers at security firm FireEye who analyzed the attacks observed malware and exploits associated with the notorious Russia-linked APT group known as APT28 (aka Fancy Bear, Pawn Storm, Strontium, Sofacy, Sednit, and Tsar Team).

Another massive attack hit the country’s institutions during October 2016 elections, amid speculation that the Russian Government was involved.

At the time, Hackers targeted Montenegro with spear phishing attacks, the malicious messages used weaponized documents pertaining to a NATO secretary meeting and a visit by a European army unit to Montenegro.

The hackers delivered the GAMEFISH backdoor (aka Sednit, Seduploader, JHUHUGIT and Sofacy), a malware that was used only by the APT28 group in past attacks.

In January 2020, the Chairman of the NATO Military Committee (MC), Marshal Sir Stuart Peach, announced the effort of the Alliance in facing Russian hybrid attacks.

The term “Hybrid warfare” refers to a military strategy which employs political warfare and blends conventional warfare, irregular warfare and cyberwarfare with other influencing methods, such as fake news, diplomacy, lawfare and foreign electoral intervention.

Peach said that the NATO alliance had set up the first NATO counter-hybrid team in Montenegro.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Montenegro)

[adrotate banner=”5″]

[adrotate banner=”13″]