The cyberattack that crippled the Montenegro government’s digital infrastructure was likely carried out by a Russia-linked Cuba ransomware gang, authorities claim.
Montenegro’s Public Administration Minister Maras Dukaj told state television that hackers had created a special virus, called Zerodate, for the attack, Reuters reports. Dukaj claims that 150 workstations in 10 state institutions were infected in the cyberattack against the NATO member.
Government internet sites have been closed since the attack, which Montenegro’s National Security Agency (ANB) has linked to Russia, although the extent of any data theft is unclear. Local authorities attributed the attack to the Cuba ransomware group.
“We have already got an official confirmation, it can also be found on the dark web where the documents that were hacked from our system’s computers will be published,” Dukaj said.
The group’s ransomware leak site, seen by Cybernews, lists data stolen from Montenegro’s government. The hackers claim to have stolen financial documents, correspondence with financial institutions, account movements, balance sheets, tax documents, and other data. Cuba ransomware claims that the documents were taken on 19 August.
According to Reuters, Montenegro’s parliament representatives say that data the group claimed to have obtained was publicly available on its website. Authorities say they are yet to receive any ransom demands.
In light of the attack, the interior ministry said the FBI will send Cyber Action Teams to Montenegro to help investigate the attacks.
Government officials have confirmed local authorities suspected Russia was behind the attacks, saying they could be retaliation after NATO-member Montenegro joined EU sanctions against Russia and expelled several Russian diplomats.
Another NATO member, Slovenia, also recently suffered from a cyberattack. Hackers also tried to infiltrate the government websites of Moldova, a nation wedged between Romania and Ukraine.
Cyberwarfare has been plaguing Europe since Russia invaded Ukraine on 24 February. Groups supporting Ukraine started targeting organizations in Russia to help the country defend against the invasion.
Kyiv succeeded in rallying an international IT army to help it fight the digital war. Anonymous, Ukraine’s IT Army, Hacker Forces, and many other hacktivist groups started targeting Russia’s private and state-owned enterprises.
Meanwhile, pro-Russian groups carried out several DDoS attacks against countries supporting Ukraine. Government websites in Finland, Italy, Romania, Germany, Norway, and Lithuania, as well as websites in Czechia, Latvia, and elsewhere, were under cyber fire.
While experts refrain from linking Cuba ransomware with the Kremlin, researchers who analyzed victim negotiations with Cuba ransomware affiliates claim that people behind the group’s leak site use Russian as their primary language.
Cuba ransomware was first noticed in early 2020. According to data collected by the FBI, the group attacked 49 organizations last year, collecting over $43 million in ransom payments.