As three countries suffer extensive cyberattacks over a short period of time, suspicions arise: does Russia have anything to do with it?
Although Moldova, Montenegro, and Slovenia were all targeted by threat actors, not all of these cases seem to be directly tied to the Kremlin.
Attack on Montenegro
The attack on Montenegro, which began on Thursday night, targeted the government’s IT infrastructure and local services.
“Since late last night, Montenegro has been exposed to a new series of organized cyber attacks on the Government's IT infrastructure. The primary target is the structure of state authorities,” the Minister of Public Administration, Marash Dukaj, said in a tweet.
He added that although the attack was “unprecedented,” the data of citizens, as well as the security of their accounts, weren’t compromised.
The US embassy in Montenegro added that the “persistent and ongoing” attack “may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors” and urged to limit movement to the necessities.
France has since stepped up to help Montenegro by sending a mission from the French Agency for Information Systems Security (ANSSI) to help investigate the cyberattack and restore cybersecurity.
The Agency for National Security, ANB, blamed Russia for the cyberattack, arguing that Montenegro found itself in “a hybrid war.” Prime Minister Dritan Abazovic, however, suggested that there is currently no clear information about the organizers.
“Security sector authorities couldn’t confirm that there is an individual, a group, a state behind this, nor could we deny it,” Abazovic said.
Relations between Montenegro and Russia took a hit after the country joined NATO in 2017.
Attack on Moldova
Last Thursday, The Information Technology and Cyber Security Service (STISC) informed that a series of cyberattacks on Moldova’s state systems have been taking place over the last 72 hours.
Cybercriminals targeted 80 information systems, platforms, and public portals, although with limited success.
‘The purpose of these cyberattack attempts was to cause the unavailability of the state's information resources by sending a large number of connection requests or a large volume of data, with the objective of overloading the processing resources of the information systems,” the STISC’s press release said.
Based on preliminary findings, the attacks came from outside of Moldova and from IP addresses located in different countries.
Earlier before that, a pro-Russian hacker group Killnet announced a hacking campaign against Moldova. Killnet was previously involved in attacking Italy, Lithuania, and Norway.
Moldova’s President Maia Sandu has recently given a speech on Moldova’s 31st anniversary, where she condemned Russia’s invasion of Ukraine and encouraged the country's EU membership.
Attack on Slovenia
Two weeks ago, Slovenia’s Administration for Protection and Rescue of the Republic of Slovenia (URSZR) was hit by a cyberattack.
The National Cyber Security Response Center has prepared a report covering the attack. A subsequent review of the systems and network data revealed over 950 vulnerabilities, including the use of weak passwords and no implementation of 2FA (two-factor authentication).
The emergency services, such as 112 and notification centers, were not impacted. The Incident Reporting System, however, was down for several days,
Mr. Darko But, IRSZR’s director, admitted that their servers are indeed old, yet claimed that they aren’t outdated. It currently seems that the attacker most likely accessed URSZR’s network through the computer of one of the remote employees.
According to URSZR’s statement, all impacted systems will be replaced. The attack currently doesn’t seem to be politically motivated.
"At the Ministry of Defense, we immediately began to search for system solutions to eliminate the shortcomings and reduce the vulnerability of the information system of the URSZR," the ministry announced.
More from Cybernews:
Subscribe to our newsletter