California-based Cybersecurity company FireEye released specific documents in a media briefing yesterday which proved that Russian hackers group APT28 launched a cyber attack on Montenegro for joining NATO alliance. As Russia views NATO expansion a security threat to its federation, it was not happy with the decision of Montenegro’s government to join the NATO membership.
For this reason, APT28 was asked to cyber target various NATO states including Montenegro which became the member yesterday.
As per the sources reporting to Cybersecurity Insiders, APT28 launched cyber attacks on the government of Montenegro using spear phishing tools. And the attack yielded documents related to the NATO’s secretary meeting and related text which describes the visit of European army unit to Montenegro.
APT28 is said to have presented the stolen document to Russian’ President Vladimir Putin who asked to weaponize the document even further.
Tony Cole, Vice President and CTO of FireEye said that Russia was opposing Montenegro’s interest of joining NATO from the beginning and in retaliation to the decision of Montenegro, APT28 was asked to target the European nation.
FireEye attributes the cyber attack influence of APT28 on Montenegro for several reasons. The first reason is that the Flash Exploit Framework and GAMEFISH malware are believed to be exclusively developed and used by APT28. Next, the group has previously targeted NATO member states and the infrastructure used to launch the cyber attacks on Montenegro and other NATO member states were same.
Note- In Feb’17, the Montenegro Prime Minister Dusko Markovic denounced the foreign nation opposition on his country’s decision to become a NATO member. As a result of this decision, Russia’s APT28 launched cyber attacks on the prime minister, several government organizations and media outlets based in the Balkan country. And the cyber attack of APT28 which is now in the discussion is the one which was launched in February of this year.
