NATO countries hit by unprecedented cyberattacks

Montenegro, Estonia and new NATO candidate Finland are just three of the countries hard hit by sophisticated cyberattacks. What’s going on and who’s next?

04 September 2022 •

Dan Lohrman


A headline last week from Overview of the Balkans Lily: “Montenegro returned to analogue by unprecedented cyberattacks.” Here is an exerpt :

“The digital infrastructure of much of Montenegro’s public administration has been offline since August 22 following a ransomware attack that security sources say may have been an ‘inside job’. downloaded directly from a computer connected to a government server.

“The government of the tiny Adriatic republic, a member of NATO, has reported an unprecedented series of cyberattacks on government servers and says it is working to contain the damage.

“Sources say the servers were hit by ransomware, a type of malware attack in which the attacker locks and encrypts the target’s important data and files, then demands payment to unlock and decrypt the data. .”

The Associated Pressmeanwhile, covered the American response to help our NATO partners:

“A rapid deployment team of FBI cybersecurity experts is traveling to Montenegro to investigate a massive and coordinated attack on the government and its services in the small Balkan nation, the country’s interior ministry said Wednesday.

“The announcement came as key government websites – including the ministries of defence, finance and interior – remained inaccessible. Officials said they were offline “for security reasons.”

“The department called the FBI assistance “further confirmation of the excellent cooperation between the United States of America and Montenegro and proof that we can count on their support in all situations.”

One more on this story. Security cases offered this:

“‘Coordinated Russian services are behind the cyberattack,’ the ANB said in a statement. statement. “This type of attack was carried out for the first time in Montenegro and it has been prepared for a long time.”

“’I can say with certainty that this attack that Montenegro is undergoing these days comes directly from Russia,’ said Dusan Polovic, a government official.

“However, an extortion gang of cybercriminals claimed at least part of the attack, the systems of a parliamentary office were infected with a variant of Cuba ransomware.”


The website of the United States Embassy for Montenegro released this update September 1, 2022:

Event: A persistent and continuous cyber-attack is ongoing in Montenegro. The attack may include disruptions to utilities, transportation (including border crossings and the airport), and telecommunications.

Actions to take:

  • Be aware of your surroundings.
  • Limit movement and movement to necessities
  • Review your personal safety plans.
  • Have up-to-date and easily accessible travel documents.
  • Monitor local media for updates.

Coverage by The hill elaborated on other recent cyberattacks that countries around the world are facing:

“Earlier this month, the two Finland and Estonia were victims of a cyberattack, although Estonian officials said they managed to thwart the attack which targeted public and private institutions in the country.

“The attack followed the removal of a Soviet war memorial from a town in eastern Estonia on the border with Russia.

“Killnet, a Russian-backed hacking group, claimed responsibility for the attempted attack on Estonia, Reuters reported.”

In July of this year, these cyber threats were anticipated: “Cyberattacks are increasingly endangering regions such as the Western Balkans, Europe and wider parts of the world following the Russian attack on Ukraine, according to a former US general who heads a company cybersecurity company under contract with the Albanian government.

“James Jones was invited to Parliament on Monday, days after a sophisticated cyberattack crippled online government infrastructure, knocking all digital services and government websites offline.

“‘NATO member countries must redouble their efforts in the face of cyber threats as well as cooperation between intelligence agencies, which is nowhere more urgent than in this region,’ he said.”

And in April, Overview of the Balkans reported that cyberattacks hit Romanian websites and the Czech Republic.

The Wall Street Journal reported earlier this year that Finland and Sweden have also been hit by cyberattacks: “Authorities in Sweden and Finland have raised alert levels for cyberattacks, fearing they face heightened hacking risks due to the war in Ukraine and the two Nordic countries’ subsequent bids to join NATO.

“Since Russia invaded Ukraine in February, cybersecurity officials in Sweden and Finland have not seen an increase in attacks targeting critical infrastructure, although they say countries are becoming more targeted. interesting for hacking groups with ties to Russia.

“The two Nordic countries applied on Wednesday to join the North Atlantic Treaty Organization, after decades of neutrality.”


In February of this year, 60 minutes offered the following look at the vulnerability of the US electrical grid to a cyberattack:

Earlier this year, Transportation Security Administration (TSA) guidelines went into effect, which need for e-readiness for railway owners and operators following the imposition of similar requirements on airports and airlines. The key points of these guidelines included:

  • “(Last December), the Transportation Security Administration (TSA) released a pair of guidelines establishing cybersecurity measures for owners and operators of high-risk freight, passenger and railroad transportation. These guidelines came into effect on December 31, 2021. Specifically, owners and operators must: (1) appoint a Cyber ​​Security Coordinator; (2) report any cyber incident within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA); (3) develop an incident response plan; and (4) perform a cybersecurity vulnerability assessment.
  • “At the same time, the TSA issued an advisory circular recommending that low-risk railroad owners and operators and highway bus owners and operators voluntarily implement the above requirements.
  • “TSA previously asked airports and airline operators to (1) appoint a cybersecurity coordinator; and (2) report cyber incidents within 24 hours to CISA.
  • “The resulting delays for affected railway owners and operators are as follows:
    • January 7, 2022 – Appoint a cybersecurity coordinator
    • March 31, 2022 – Perform a Cyber ​​Security Vulnerability Assessment
    • June 29, 2022 – Implement a cyber incident response plan »
I’ve covered the cybersecurity focus on protecting our critical infrastructure throughout this year, and here are two such blogs looking at our situation in the United States:


You may be wondering:

These are stories that are rarely reported in the mainstream press here in the United States.

While alarmism is certainly not a good thing, it is also not good to hide (or not report) what is really happening in the world. It is important that leaders in the public and private sectors are aware of what is happening globally.

I continue to believe that more cyberattacks will impact US critical infrastructure in the future. We must stay informed of what is happening and take appropriate action with a sense of urgency.

cyber securityRansomware

Dan Lohrmann

Daniel J. Lohrmann is an internationally acclaimed cybersecurity leader, technologist, keynote speaker, and author.

See more stories by Dan Lohrmann

*** This is a syndicated blog from the Security Bloggers Network of Lohrmann on cybersecurity written by Lohrmann on cybersecurity. Read the original post at:

Source link