The cyberattack that crippled the Montenegrin government’s digital infrastructure was likely carried out by the Russia-linked Cuba ransomware gang, authorities claim.
Montenegro’s Public Administration Minister Maras Dukaj told state television that hackers developed a special virus called Zerodate for the attack, Reuters reports. Dukaj claims 150 workplaces in 10 state institutions have been infected in a cyber attack on the NATO member.
Government websites have been shut down since the attack, which the Montenegrin National Security Agency (ANB) has linked to Russia, although the extent of the data theft is unclear. Local authorities attributed the attack to the Cuba ransomware group.
“We have already received official confirmation, which can also be found on the dark web, where the documents hacked from our system’s computers are published,” Dukaj said.
The group’s ransomware leak site, seen by Cybernews, lists data stolen from the Montenegrin government. Hackers claim to have stolen financial documents, correspondence with financial institutions, account history, balance sheets, tax documents, and other data. Cuba ransomware claims that the documents were stolen on August 19th.
According to Reuters, representatives of the Montenegrin Parliament said data the group allegedly received was publicly available on its website. Authorities say they have not yet received any ransom notes.
In light of the attack, the Interior Department said the FBI will deploy cyber action teams to Montenegro to help investigate the attacks.
Government officials have confirmed local authorities suspect Russia was behind the attacks and said they could be in retaliation after NATO member Montenegro joined EU sanctions on Russia and expelled several Russian diplomats.
Another NATO member, Slovenia, was also recently the victim of a cyber attack. Hackers also tried to infiltrate the government websites of Moldova, a nation wedged between Romania and Ukraine.
Cyber warfare has plagued Europe since Russia invaded Ukraine on February 24. Groups supporting Ukraine began targeting organizations in Russia to help the country defend against invasion.
Kyiv managed to mobilize an international IT army to fight the digital war. Anonymous, Ukraine’s IT Army, Hacker Forces, and many other hacktivist groups began targeting Russia’s private and state-owned companies.
Meanwhile, pro-Russian groups carried out several DDoS attacks against countries supporting Ukraine. Government websites in Finland, Italy, Romania, Germany, Norway and Lithuania, as well as websites in the Czech Republic, Latvia and elsewhere have come under cyber-attacks.
While experts refrain from linking Cuba ransomware to the Kremlin, researchers who have analyzed victim negotiations with Cuba ransomware partners claim that the folks behind the group’s leak site use Russian as their main language.
Cuba ransomware was first noticed in early 2020. According to data collected by the FBI, the group attacked 49 organizations last year and collected over $43 million in ransom payments.