Silent and crippling, a digital war on the Balkans

A wave of cyberattacks targeting governments of four western Balkan nations has crippled official websites and utility services and even led to a diplomatic spat between Albania and Iran in what is seen as a coordinated strike on NATO members.

Montenegro faced the worst of the online war that disrupted government services and prompted the country’s electrical utility to switch to manual control. The government was forced to seek the help of the US, which quickly sent a team of FBI cyber experts to investigate the massive, coordinated attacks.

Albania, which has been facing a series of cyberattacks since July 15, reported the latest such digital intrusion on September 10 when hackers targeted its TIMS system, which regulates the entry and exit of individuals from the country and forms the core of its border control.

Milan Stefanoski, a security management expert and vice president of the Skopje-based Association for Corporate Security, an NGO, was quoted as saying that the Balkan region was facing “a special Internet war of sorts”.

Iran angle

In mid-July, Albanian Prime Minister Edi Rama blamed four hacker groups linked to Iran for a malicious targeting of its e-Albania platform that forced the Ministry of Education and Sports to postpone the deadline for registration of primary school pupils for an unspecified period of time.

The Ministry of Internal Affairs of Albania was also forced to reopen its offices of the civil registry for some time.

Relations between Albania and Iran nosedived in 2014, when the Balkan country gave sanctuary to about 3,000 members of the exiled opposition group People's Mojahedin Organization of Iran. The group have since settled in a camp near Durres, Albania main port.

On September 7, Tirana cut off diplomatic ties with Tehran and ordered all Iranian diplomats and embassy staff to leave within 24 hours. The decision was taken after a joint probe with the US blamed Iran for the series of cyberattacks. 

Rama justified “this extreme response” as “fully proportionate to the gravity and risk of the cyberattack that threatened to paralyse public services, erase digital systems and hack into state records, steal government intranet electronic communication and stir chaos and insecurity in the country.”

Montenegro under siege

The most sophisticated and sustained cyberattack in recent times was unleashed on Montenegro with a hacker group called the ‘Ransomware Cuba’ blamed for the targeting of the country’s digital infrastructure.

Montenegrin authorities emphasised that these attacks, which began in August, consisted of a combination of several different methods, including ransomware and denial-of-service.

Public Administration Minister Maras Dukaj told state television that the group created a special virus for the attack called Zerodate that infected 150-odd workstations in 10 state institutions.

The Cuba Ransomware group claimed responsibility for the attack on the dark web, and said it has obtained “financial documents, correspondence with bank employees, account movements, balance sheets, tax documents”, from Montenegro’s parliament.

The government, however, said early detection of the attack allowed it to ensure that key systems remained protected.

The Balkan state joined NATO in 2017 despite strong opposition from the Kremlin. It has also joined Western sanctions against Moscow over the Russian offensive on Ukraine.

Kosovo cut off

Last week, Kosovo’s public institutions were cut off from the Internet in a cyberattack which originated from outside the country.

Government spokesman Perparim Kryeziu said the cyberattack could not penetrate the infrastructure of the state computer network as it was blocked by “appropriate security equipment”.

“It was identified that the cyber attack came from outside Kosovo, and the target was the IP where several websites of the institutions of the Republic of Kosovo were published. The Agency for Information Society, or rather the cyber security team, took specific actions in order to overcome this cyber attack and restore the internet service,” Kryeziu added.

North Macedonia not immune

The website of the Ministry of Education and Science in North Macedonia is also down as a result of a cyberattack on Saturday. The heads of the ministry, in cooperation with other state institutions, announced that they are working on re-activating the website and that the citizens’ data are safe.

The National Centre for Computer Incident Response has urged all state institutions to double-check and beef up their online security protocols against potential cyberattacks after the latest targeting of the ministry website.

Last year, cyberattacks against the State Statistical Office were registered when a population census process was being conducted in the country.