The US Federal Bureau of Investigation (FBI) has said it will deploy Cyber Action Teams (CAT) to Montenegro in the wake of a series of “persistent and ongoing” cyber-attacks against the country’s infrastructure.
The country has been suffering a series of cyber-attacks targeted at critical infrastructure including transportation services, electricity and water supply systems and online portals that citizens use to access various state services.
Among the affected systems are 150 workstations in 10 state institutions that became infected with malware.
The attacks have forced state-managed IT infrastructure offline and several power plants to switch to manual controls. In a security alert regarding the attacks, the Montenegrin government told citizens they may lead to “disruptions to the public utility, transportation (including border crossings and airport) and telecommunication sectors”.
Officials have described the attacks as “unprecedented”, and Montenegro’s National Security Agency (ANB) believes they are linked to a Russian cyber-criminal group using Cuba ransomware. Montenegro’s public administration minister Mara Dukaj said on state television that the group had created a virus called Zerodate specifically for the attack.
Dukaj confirmed that despite the ransomware attacks, the government had not yet been contacted for ransom regarding the compromised systems and documents.
Cuba ransomware is a malware family that was originally discovered in February 2020. It is distributed via Hancitor malware, a remote access trojan (RAT) which gives hackers the ability to remotely interact with or control a compromised device. Cuba ransomware actors use legitimate Windows processes, running with Windows admin privileges, to execute malware remotely.
In November 2021, the FBI issued an official notice saying that Cuba ransomware actors had “compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing and information technology sectors”. They had “demanded at least US$74 mn and received at least US$43.9 mn in ransom payments”.
Resurgences of Cuba ransomware were noted in March and April 2022 by IT security company Trend Micro.
This is not the first time this year that government systems have been directly targeted by cyber-attacks. In July of this year, the Albanian government suffered an “unprecedented and dangerous” cyber-attack which forced the temporary suspension of government sites.
Following the attack, the Albanian National Agency of the Information Society (AKSHI) worked with Microsoft, Jones Group International and information and communications technology teams within Albania in order to prevent the attack from compromising or damaging the systems.
The attacks were later linked to the Iranian government by threat intelligence firm Mandiant.
Cyber Security Hub, a division of IQPC