Kremlin hackers' new target: Montenegro
The country's decision to join NATO likely played a part
The prolific Kremlin-backed hacking crew blamed for attacking the US Democratic National Committee last year has targeted the Montenegro government with cyberattacks, according to cybersecurity company FireEye.
The assaults were motivated by Montenegro's decision to join the North Atlantic Treaty Organization (NATO), a move that was confirmed with a ceremony on Monday. APT28 (Advanced Persistent Threat 28), aka Fancy Bear, tried to hack into systems using spear-phishing, a standard hacking tactic involving baiting marks with booby-trapped documents.
One lure document used in the spear-phishing attacks pertained to a NATO Secretary meeting, and another described a visit by a European army unit to Montenegro.
FireEye attributes this activity to Russian cyber espionage group APT28 for several reasons:
- The Flash exploit framework and Gamefish malware are believed to be used exclusively by APT28.
- The group has previously targeted NATO member states and the attacks leveraged infrastructure previously linked to APT28, elsewhere identified as a unit of Russian military intelligence, GRU.
Russia has strongly opposed Montenegro's NATO accession process, so its decision to resort to cyber-spying against a new adversary comes as little surprise.
In February 2017, after Montenegrin Prime Minister Duško Marković denounced foreign opposition to his country's NATO accession, Montenegro government organizations and media outlets were targeted with intermittent distributed denial-of-service (DDoS) attacks.
FireEye reckons it's unlikely Russia will abandon its interests in Montenegro now that its NATO membership has been confirmed.
"NATO expansion is often viewed as a security threat by the Russian Federation, and Montenegro's bid for membership was strongly contested by Russia and the pro-Russia political parties in Montenegro," Tony Cole, vice president and chief technology officer for global government at FireEye, told journalists today.
"It's likely that this activity is a part of APT28's continued focus on targeting various NATO member states, as well as the organization itself. Russia has strongly opposed Montenegro's NATO accession process and is likely to continue using cyber capabilities to undermine Montenegro's smooth integration into the alliance," Cole added.