Quote:
The innocent sounding email reached an official of the Montenegrin Defence Ministry in early January 2017.
Entitled: “NATO_secretary_meeting.doc”, it sounded like a communiqué from the Western alliance that Montenegro was soon to join.
However, IT experts say the message was not sent by NATO to update Montenegro on useful information.
It came from a notorious Russian hacking group, which wanted to break into the government’s IT systems and steal state secrets.
Also in January, according to BIRN sources, the Podgorica government received two more similar emails.
The subject line of the first read: “Draft schedule for British army groups’ visit to Montenegro”.
The title of the other was: “Schedule for a European military transfer program”.
All are believed to have come from the same Russian hacker group, which experts say is linked to the Kremlin.
Three international IT security companies say the emails came from APT28, also known as Fancy Bear, which US intelligence services say is connected to the Russian military intelligence service, GRU.
European Union officials also believe that Montenegro suffered a serious cyber attack in June 2017.
Over the last two years, Montenegro authorities have recorded a sharp rise in the number of cyber attacks, mostly targeting state institutions and media outlets.
From only 22 such incidents in 2013, almost 400 were recorded in only nine months of 2017, official data obtained by CIN-CG/ BIRN show.
Not all are related to malware viruses or attacks on state institutions, and not all the attacks can be attributed to Fancy Bear.
But many of the attacks are believed to be linked to the tiny Adriatic country’s decision to join NATO, which infuriated the country’s old ally, Russia.
Montenegro has since tightened up cyber security defences. It has formed a specialised police taskforce to fight cyber crime...