Accessibility links

Breaking News

Montenegro Seeks To Stare Down Fancy Bear As Election Looms

Over the last two years, authorities in Montenegro have recorded a sharp rise in cyberattacks, mostly targeting state institutions and media outlets in that aspiring EU state on the Adriatic.

With a presidential election looming on April 15, the recent NATO entrant and its 650,000 residents are girding for another possible wave of hacks.

Montenegro and other countries in the Balkans fear meddling from Moscow to further what they believe is an expansion of Russian foreign policy.

Officials in Podgorica feel their country is especially vulnerable, as the winner of the presidential vote is likely to steer Montenegro through early negotiations on EU accession, a move the Kremlin staunchly opposes.

The European Union recently drafted a new expansion strategy that envisages Montenegro joining the bloc by 2025.

"We are doing everything to be prepared the best we can," Milica Jankovic, the head of the Directorate for Electronic Administration and Information Security at the Public Administration Ministry, told RFE/RL.

"We are organizing prevention and monitoring systematically, and we will try to recognize the attacks and predict them before they arise."

The increase in cyberattacks, which security analysts have tied to Russia, coincided with the final phase of the country's NATO negotiations in late 2016.

Jankovic said cyberattacks in 2017 totaled around 700, a 20-fold increase over previous years.

Veteran Montenegrin leader Milo Djukanovic was reported to be a target in the alleged coup attempt
Veteran Montenegrin leader Milo Djukanovic was reported to be a target in the alleged coup attempt

Montenegro's leaders also say Moscow tried to interfere in the country's 2016 general elections, a charge that Russian officials have denied. Adding to that, the authorities and ruling parties claim that Russia sponsored a coup attempt on election day during that vote.

"Attacks with a political background are most commonly occurring in the organization of states, and malicious programs distributed in the service of states are the most massive weapons used by states in the pursuit of their political goals," said Adis Balota, dean of the Faculty of Information Technology at the Mediterranean University in Podgorica.

"Montenegro before every election cycle or change, and not only Montenegro, but also the region -- Macedonia, Serbia, Bosnia-Herzegovina. The activity of such attacks or attempts to attack a certain state infrastructure is always increasing," Balota added.

Montenegro's government has stopped short of officially pinning the attacks on Russian sources.

But IT security firms such as FirstEye and Trend Micro say they have seen evidence tying many of them to APT28, a Russian hacker group also known as Fancy Bear and a half dozen other sobriquets, which has been tied by U.S. intelligence services and private cybersecurity analysts to the Russian military intelligence service, GRU.

Fancy Bear has been accused of attempted election interference and cyberattacks on NATO, the White House, and possibly a handful of German government institutions.

The EU's Agency for Network and Information Security (ENISA) has said Montenegrin infrastructure has been targeted by Fancy Bear.

Russia "is likely to continue using cyber capabilities to undermine Montenegro's smooth integration into the alliance," according to Tony Cole, vice president and chief technology officer for global government at FireEye.

The specter of Russian-initiated cyberattacks and digital meddling has swept Europe and North America in recent years, including in connection with the United Kingdom's Brexit referendum, elections in the United States in 2016, and votes in the Netherlands, Germany, and France last year.

Montenegro last year became the 29th member of NATO, a step that was bitterly criticized by Russia and opposed by some Montenegrins who advocate closer ties with Moscow.

Having seen it up close at home, U.S. Army General Curtis Scaparrotti, who oversees U.S. military forces in Europe and is the supreme allied commander for NATO, warned that the area he is "concerned about today is the Balkans."

"Russia's at work in the Balkans and I think that we've kind of taken our eye off the area," he told a U.S. Senate committee on March 8.

"That is an area we could have problems with in the future," he added.

The Kremlin has strongly denied any role in the attacks on governments, media, or elections worldwide.

Montenegrin presidential candidate Mladen Bojanic (file photo)
Montenegrin presidential candidate Mladen Bojanic (file photo)

Though the campaign in Montenegro's third nationwide vote since it gained independence in 2006 has barely started, analysts speculate that if Moscow were to have a preferred candidate, it would likely be Mladen Bojanic.

Bojanic is a former lawmaker and civil rights activist who opposed joining NATO and is supported by the strongest opposition alliance, the pro-Russian Democratic Front.

He is expected to run against former Prime Minister Milo Djukanovic.

Djukanovic, who has yet to officially announce his candidacy, led the country for more than a quarter of a century before retiring from politics after his Democratic Party of Socialists won general elections in 2016.

He was also one of the targets in the alleged coup plot.

Authorities in Montenegro say Serbian and Russian nationalists plotted to occupy parliament during October 2016 parliamentary elections, assassinate Djukanovic, and install a pro-Russian leadership to halt Montenegro's bid to join NATO.

As with the hacking attempts, the Kremlin has denied claims that "Russian state bodies" were involved in the alleged plot.

Deputy Prime Minister and Public Administration Minister Boris Koprivnikar said the government knows the threat it faces and is doing everything it can to keep hackers at bay.

"Cybersecurity has to be coordinated at the national and international level," he said.

Koprivnikar said that would help ensure "quick response" to cyberthreats to Montenegrin security or its critical infrastructure.

But with a potential watershed election just a month away, officials in Podgorica acknowledge there is no foolproof response to sophisticated cyberthreats like those that some Western governments are convinced have been emanating from Moscow.

"This is an area where you can never say that you're 100-percent protected, because nothing like that exists," said Jankovic.

With reporting by RFE/RL's Balkan Service

RFE/RL has been declared an "undesirable organization" by the Russian government.

If you are in Russia and hold a Russian passport or are a stateless person residing permanently in Russia, please note that you could face fines or imprisonment for sharing, liking, commenting on, or saving our content, or for contacting us.

To find out more, click here.