The United States Embassy in Montenegro issued a rare security alert, warning of a "persistent and ongoing cyberattack" that could include disruptions to public utilities, transportation, and telecommunications.
Government officials from the small Balkan nation took to Twitter to share some information about the incident. Marash Dukaj, the Minister of Public Administration, tweeted this:
"Since late last night, Montenegro has been exposed to a new series of organized cyberattacks on the government's IT infrastructure. The primary target is the structure of state authorities.
Although certain services are currently temporarily disabled for security reasons, the security of the accounts of citizens and business entities and their data are not in any way endangered."
The Cuba Ransomware gang has claimed responsibility for the attack, listing the stolen information on its Tor-based data leak site. It claims that on August 19th it exfiltrated data from the Parliament of Montenegro, also known as Skupština, that included "financial documents, correspondence with bank employees, account movements, balance sheets, tax documents, compensation, source code."
The picture below is from Cuba Ransomware's leak site:
Despite the gang's name, some officials within Montenegro's government are blaming Russia for the cyberattack. The Agency for National Security (ANB) said in a statement:
"Coordinated Russian services are behind the cyber attack. This kind of attack was carried out for the first time in Montenegro and it has been prepared for a long period of time."
There are certainly plenty of reasons to suspect Russia in this situation.
Montenegro and Russia have what some might describe as a strained relationship. In 2017, the Balkan nation became the 29th member of NATO, a move that Russia did not take kindly to (think of how they responded to the possibility of Ukraine joining NATO).
Montenegro now finds itself on a list of "unfriendly countries" created by President Putin in March of this year after governments around the world sanctioned Russia for its invasion of Ukraine.
Aside from suspicion, cybersecurity firm Profero previously connected the Cuba Ransomware gang to Russian-speaking threat actors, though Profero believes the group is "not state-sponsored."
The cyberattack was well timed: the Montenegro Parliament recently passed a vote of no confidence in the cabinet proposed by Prime Minister Dritan Abazović, the second no-confidence motion to pass this year, leaving the country without a prime minister.
Since the attack, the official website of the government of Montenegro has been unavailable, and there is a possibility that several power plants have switched to manual operations.
Follow SecureWorld News for updates on the situation.