At the government headquarters in NATO-member Montenegro, the computers are unplugged, the internet is switched off and the state’s main websites are down. The blackout comes amid a massive cyberattack against the small Balkan state which officials say bears the hallmark of pro-Russian hackers and its security services.
The coordinated attack that started around Aug. 20 crippled online government information platforms and put Montenegro’s essential infrastructure, including banking, water and electrical power systems, at high risk.
The attack, described by experts as unprecedented in its intensity and the longest in the tiny nation’s recent history, capped a string of cyberattacks since Russia invaded Ukraine in which hackers targeted Montenegro and other European nations, most of them NATO members.
Sitting at his desk in Montenegro’s capital, Podgorica, in front of a blackened PC screen, Defense Minister Rasko Konjevic said government officials were advised by cyber experts, including a team of FBI investigators that was dispatched to the Balkan state, to go offline for security reasons.
He said experts from several countries are trying to help restore the Montenegro government’s computer system and find proof of who is behind the attack.
Montenegro officials said the attack that crippled the government’s digital infrastructure was likely carried out by a Russian-speaking ransomware gang that generally operates without Kremlin interference as long as it doesn’t target Russian allies. The gang, called Cuba ransomware, claimed responsibility for at least part of the Montenegro cyberattack, in which it created a special virus for the attack called Zerodate.
Montenegro’s Agency for National Security blamed the attack squarely on Russia.
Russia has a strong motive for such an attack because Montenegro, which it once considered a strong ally, joined NATO in 2017 despite the Kremlin’s opposition. It has also joined Western sanctions against Moscow over the Ukraine invasion, which led Moscow to brand Montenegro an “enemy state” along with several other countries that joined the embargo.
Other Eastern European states deemed enemies of Russia have also faced cyberattacks, mostly nuisance-level denial-of-service campaigns that render websites unreachable by flooding them with junk data but don’t damage them. Targets have included networks in Moldova, Slovenia, Bulgaria, North Macedonia and Albania.
Last week, Albania severed diplomatic relations with Iran and kicked out its diplomats after a cyberattack in July that it blamed on the Islamic Republic.