Russia has been accused of being behind a wave of hacker attacks on the websites and social media of state institutions and political parties in Southeast Europe.
While all countries in the region are now EU members or aspiring members, and several have joined Nato, Russia still seeks to maintain its influence in Southeast Europe. Since the invasion of Ukraine in February, there have been fears that Russia would use its remaining influence to destabilise the region.
Montenegro’s National Security Agency (ANB) said on August 26 that several Russian agencies were behind a cyberattack on key IT systems of state institutions earlier in August. Outgoing Prime Minister Dritan Abazovic said that Montenegro was at the peak of a hybrid war.
The following day, Bulgaria’s former ruling Gerb party said it was attacked by Russian hackers who aimed at publications on three specific topics on its social media pages.
The two claims follow an attack on Albanian government servers that brought down most of the recently-launched e-Albania services in July.
Hybrid war in Montenegro
In Montenegro, the ANB said that such an attack has not been seen anywhere else in the world so far. According to ANB, the cyber attack is yet to reach its peak and all the country’s key infrastructure, including the electric power system or water supply, could be targeted.
“This is a very serious thing and this is a very serious attack. We are monitoring the situation, the Agency for National Security, the police directorate and the Ministry of Defence are included. In my assessment, this is a politically motivated attack,” Abazovic said as quoted by RTCG.
Montenegro, an EU candidate country, is supporting all the EU’s sanctions against Russia imposed due to its invasion of Ukraine.
Abazovic added that international partners have been helping the local institutions to deal with the situation since the first attacks earlier in August.
The style of attack was carried out under methodology that was specific for Russian agencies, the ANB noted.
The attacks began a week ago, then since August 25, Montenegro was hit by a new series of cyberattacks, the government in Podgorica said earlier on August 26.
As of August 28, the government’s website was again inaccessible. However, Podgorica says that although certain services have been temporarily shut down for security reasons, the security of citizens and companies is not threatened.
Montenegro has informed its international allies of the details of the attacks, which are similar to earlier ones carried out in 2015 and 2016. At the time, Russian agencies were accused of attacking the IT system of the government in Podgorica ahead of Montenegro's accession to Nato.
Meanwhile, IT expert Dejan Abazovic suggested that the a financial motive for the attacks, pointing out that they were DDOS and Ransomware attacks. He added that the second goal of the attacks was to disable the internet communications between state institutions, as well as their communication with companies and citizens.
Gerb’s social media attacked
On August 27, Bulgaria’s former ruling Gerb party also said it was targeted by Russian hackers, the day after Gerb’s leader Boyko Borissov advised the caretaker government to find a way to resume imports of Russian natural gas.
Gazprom cut off supplies in April when the then government led by Kiril Petkov refused to make payment in rubles. However, ministers from the new caretaker government said they are opening talks with the Russian company on resuming supplies to ensure sufficient gas for the winter and avoid tough financial penalties.
At the same time, Borissov claims he supports the diversification of sources of natural gas.
“Last night, our communications networks in the social networks were hit by hacker attack. More specifically, three publications for gas and the scams made with it. There was a clip and a graphic part, in which the scheme with intermediaries [selling natural gas] was explained. And the third was a distributed fake news that Borissov has said that Gazprom must return to Bulgaria in 2023,” Georg Georgiev of Gerb said at press conference live broadcasted by Dnevnik news outlet on August 27.
Gerb’s cybersecurity experts claim that since the publication of these three stories on Facebook mass attacks with identical comments and made by suspicious profiles have begun. Almost all of them were Russian profiles.
e-Albania shut down
Earlier, Albania was targeted by a massive cyberattack that has caused the shutdown of online government services.
This immediately led to speculation that Russia was behind the attack. A Nato member, Albania is a vocal supporter of Ukraine and part of the Western sanctions on Russia.
Albania’s National Agency for Information Society (AKSHI) announced on July 17 that Albania was facing a sophisticated cyberattack from outside the country.
The government confirmed on the morning of July 18 that the country is facing a massive cybernetic attack.
“This criminal cyber-attack was synchronised … from outside Albania,” said the statement.
The Albanian government took most public services including tax payment online via the e-Albania portal as of May 1 while in-person service windows in government offices and other institutions were shut down.
The move is intended to make it more convenient for citizens to access services and reduce corruption but at the time concerns were voiced about how elderly people and those without access to the internet would manage.