The innocent sounding email reached an official of the Montenegrin Defence Ministry in early January 2017.
Entitled: “NATO_secretary_meeting.doc”, it sounded like a communiqué from the Western alliance that Montenegro was soon to join.
However, IT experts say the message was not sent by NATO to update Montenegro on useful information.
It came from a notorious Russian hacking group, which wanted to break into the government’s IT systems and steal state secrets.
Also in January, according to BIRN sources, the Podgorica government received two more similar emails.
The subject line of the first read: “Draft schedule for British army groups’ visit to Montenegro”.
The title of the other was: “Schedule for a European military transfer program”.
All are believed to have come from the same Russian hacker group, which experts say is linked to the Kremlin.
Three international IT security companies say the emails came from APT28, also known as Fancy Bear, which US intelligence services say is connected to the Russian military intelligence service, GRU.
European Union officials also believe that Montenegro suffered a serious cyber attack in June 2017.
Over the last two years, Montenegro authorities have recorded a sharp rise in the number of cyber attacks, mostly targeting state institutions and media outlets.
From only 22 such incidents in 2013, almost 400 were recorded in only nine months of 2017, official data obtained by CIN-CG/ BIRN show.
Not all are related to malware viruses or attacks on state institutions, and not all the attacks can be attributed to Fancy Bear.
But many of the attacks are believed to be linked to the tiny Adriatic country’s decision to join NATO, which infuriated the country’s old ally, Russia.
Montenegro has since tightened up cyber security defences. It has formed a specialised police taskforce to fight cyber crime.
But with only limited resources, the team greatly depends on the help of NATO and other Western countries.
“After serial attacks in early 2017 we sought help from NATO and the UK to help us fight back. We succeed in reducing the damage and repelled two attacks in late 2017,” a senior police officer told CIN-CG/ BIRN, declining to provide details of those actions.
CIN-CG/BIRN’s investigation shows that the rise in cyber attacks coincided with the final phase of the country’s NATO accession negotiations in late 2016.
In addition, Montenegro’s leaders say Russia tried to interfere in the country’s October 16, 2016 general elections, a charge that Moscow has denied.
The authorities and the ruling parties claim that Russia sponsored a coup attempt on the election day.
Several Western governments, including the UK, support that interpretation of events.
The government’s critics, however, insist the coup attempt was faked, and was staged to help the veteran pro-Western leader Milo Djukanovic stay in power.
For more read the full of article at The Balkaninsight
