FireEye Inc., the intelligence-led security company, released new information about cyber attacks on Montenegro believed to be the work of Russian hacking group APT28.
Earlier this year, FireEye recovered malware samples indicating APT28 targeted the Montenegrin government with cyber attacks. One lure document used in the spearphishing attacks pertained to a North Atlantic Treaty Organization (NATO) Secretary meeting, and another described a visit by a European army unit to Montenegro.
The latter document may have been stolen and then weaponized. Also, Montenegro became the newest member of NATO.
“NATO expansion is often viewed as a security threat by the Russian Federation, and Montenegro's bid for membership was strongly contested by Russia and the pro-Russia political parties in Montenegro. It’s likely that this activity is a part of APT28’s continued focus on targeting various NATO member states, as well as the organisation itself,” explained Tony Cole, VP and CTO, Global Government, at FireEye.
“Russia has strongly opposed Montenegro's NATO accession process and is likely to continue using cyber capabilities to undermine Montenegro's smooth integration into the alliance. Montenegro's accession could increase cyber threat activity directed toward NATO, and provide additional avenues for adversaries like Russia to illicitly access NATO information,” added Cole.
FireEye attributes this activity to Russian hacking group APT28 for several reasons. One is that the Flash exploit framework and GAMEFISH malware are believed to be used exclusively by APT28. In addition, the group has previously targeted NATO member states, and the attacks used infrastructure that is believed to be used by APT28.
FireEye believes it’s unlikely Russia will abandon its interests in Montenegro now that its NATO membership has been confirmed. NATO member states and nations interested in joining the organisation are likely to face an elevated risk of similar activity.