“Since late last night, Montenegro has been exposed to a new series of organized cyber attacks on the Government's IT infrastructure. The primary target is the structure of state authorities,”
the Minister of Public Administration, Marash Dukaj, said in a tweet.
He added that although the attack was “unprecedented,” the data of citizens, as well as the security of their accounts, weren’t compromised. The US embassy in Montenegro added that the “persistent and ongoing” attack “may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors” and urged to limit movement to the necessities.
France has since stepped up to help Montenegro by sending a mission from the French Agency for Information Systems Security (ANSSI) to help investigate the cyberattack and restore cybersecurity.
The Agency for National Security, ANB, blamed Russia for the cyberattack, arguing that Montenegro found itself in “a hybrid war.” Prime Minister Dritan Abazovic, however, suggested that there is currently no clear information about the organizers.
“Security sector authorities couldn’t confirm that there is an individual, a group, a state behind this, nor could we deny it,” Abazovic said.
Relations between Montenegro and Russia took a hit after the country joined NATO in 2017.
‘The purpose of these cyberattack attempts was to cause the unavailability of the state's information resources by sending a large number of connection requests or a large volume of data, with the objective of overloading the processing resources of the information systems,”
the STISC’s press release said.
Based on preliminary findings, the attacks came from outside of Moldova and from IP addresses located in different countries.
Earlier before that, a pro-Russian hacker group Killnet announced a hacking campaign against Moldova. Killnet was previously involved in attacking Italy, Lithuania, and Norway.
Moldova’s President Maia Sandu has recently given a speech on Moldova’s 31st anniversary, where she condemned Russia’s invasion of Ukraine and encouraged the country's EU membership.
The National Cyber Security Response Center has prepared a report covering the attack. A subsequent review of the systems and network data revealed over 950 vulnerabilities, including the use of weak passwords and no implementation of 2FA (two-factor authentication).
The emergency services, such as 112 and notification centers, were not impacted. The Incident Reporting System, however, was down for several days,
Mr. Darko But, IRSZR’s director, admitted that their servers are indeed old, yet claimed that they aren’t outdated. It currently seems that the attacker most likely accessed URSZR’s network through the computer of one of the remote employees.
According to URSZR’s statement, all impacted systems will be replaced. The attack currently doesn’t seem to be politically motivated.
"At the Ministry of Defense, we immediately began to search for system solutions to eliminate the shortcomings and reduce the vulnerability of the information system of the URSZR," the ministry announced.
If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
C/O David Cahill
Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland