PODGORICA (Reuters) – Montenegro blamed a criminal group called Cuba ransomware for cyber attacks that have hit its government digital infrastructure since last week, described by officials as unprecedented.
Public Administration Minister Maras Dukaj told state television the group had created a special virus for the attack called Zerodate, with 150 work stations in 10 state institutions becoming infected.
Government internet sites have been closed since the attack, which Montenegro’s National Security Agency (ANB) has linked to Russia, although the extent of any data theft is unclear.
“We have already got an official confirmation, it can also be found on the dark web where the documents that were hacked from our system’s computers will be published,” Dukaj said.
The government had not yet received any request for ransom over compromised material, he said.
On its dark web leak site, seen by Reuters, the Cuba ransomware group claimed responsibility for the attack, saying it has obtained “financial documents, correspondence with bank employees, account movements, balance sheets, tax documents,” from Montenegro’s parliament on Aug. 19.
The parliament, which is not on the government’s computer system, denied any data theft, saying that after a period when data was inaccessible on Aug. 20-21 its system was fully recovered and operational. Data the group claimed to have obtained was publicly available on its web portal, it added.
Also, the interior ministry said the U.S. Federal Bureau for Investigation (FBI) will send Cyber Action Teams to Montenegro to help it investigate the attacks.
Government officials have confirmed ANB suspected that Russia was behind the attacks, saying they could be retaliation after NATO-member Montenegro joined European Union sanctions against Russia and expelled several Russian diplomats.
Hackers also attacked Montenegro’s state digital infrastructure on election day in 2016, and then again over a span of several months in 2017 when the former Yugoslav republic was about to join NATO.