However, officials in Montenegro claimed that no data was stolen and that no facilities were permanently damaged as a result of the attack. The ANB claimed the country was under “hybrid warfare” and blamed the attack on a Russian-coordinated confrontation. Relations between the two countries have been strained since Montenegro joined NATO in 2017, after which Russia threatened retaliation.
The U.S. embassy in Montenegro has since issued a security alert warning that the Montenegrin government is facing an “ongoing” cyberattack. The embassy warned: “The attack could include disruption to public utilities, transportation (including border crossings and airports) and the telecommunications sector. Citizens living in the Balkan countries are advised to limit travel, review personal safety plans, and be aware of their surroundings.”
According to malware research group VX-Underground, the Cuban ransomware group claimed responsibility for the attack. On its dark web leak site, the Cuban ransomware group claims it obtained “financial documents, correspondence with bank employees, account changes, balance sheets, tax documents, compensation payments [and] source code” from the Montenegrin parliament on August 19.
Montenegro’s premiership has been vacant since August 20, when the country’s parliament passed a no-confidence motion against the ruling government, leading to the government’s collapse.
Cybersecurity firm Profero previously linked the Cuban ransomware group to Russian-speaking hackers, which researchers observed as the group negotiated with victims. But Profero said it believed the group was “not state-backed”.
The ransomware gang has been around since 2019, and last year the FBI issued an alert warning organizations that cybercriminals have been targeting critical infrastructure. The FBI said it had observed about 50 targeted entities and that the hackers had demanded tens of millions of dollars from victims.
The attack on Montenegro comes just months after the Russia-linked Conti ransomware group targeted the Costa Rican government in a weeks-long attack that began in April. In a message posted on its dark web leak blog, Conti urged Costa Rican citizens to pressure their government to pay the ransom, which the group later doubled to $20 million.