IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

NATO Countries Hit With Unprecedented Cyber Attacks

Montenegro, Estonia and new NATO applicant Finland are just three of the countries being hit hard by sophisticated cyber attacks. What’s happening and who’s next?

Balkan countries marked on a map.
A headline this past week from Balkan Insight read: “Montenegro Sent Back to Analog by Unprecedented Cyber Attacks.” Here’s an excerpt:

“The digital infrastructure of a major part of Montenegro’s public administration has been offline since August 22 following a ransomware attack that security sources have told BIRN may have been an ‘inside job,’ uploaded directly from a computer connected to a government server.

“The government of the tiny Adriatic republic, a member of NATO, has reported an unprecedented series of cyberattacks on government servers and says it is working to contain the damage.

“Sources say the servers were hit with ransomware, a type of malware attack in which the attacker locks and encrypts the target’s data and important files and then demands a payment to unlock and decrypt the data.”

The Associated Press, meanwhile, covered the U.S. response to help our NATO partners:

“A rapid deployment team of FBI cyber experts is heading to Montenegro to investigate a massive, coordinated attack on the tiny Balkan nation’s government and its services, the country’s Ministry of Internal Affairs announced Wednesday.

“The announcement came as the government’s main websites — including the ministries of defense, finance and interior — remained unreachable. Officials said they were offline ‘for security reasons.’

“The ministry called the FBI assistance ‘another confirmation of the excellent cooperation between the United States of America and Montenegro and a proof that we can count on their support in any situation.’”

One more on this story. Security Affairs offered this:

“‘Coordinated Russian services are behind the cyber attack,’ the ANB said in a statement. ‘This kind of attack was carried out for the first time in Montenegro and it has been prepared for a long period of time.’

“‘I can say with certainty that this attack that Montenegro is experiencing these days comes directly from Russia,’ said Dusan Polovic, a government official.

“However, a cybercriminal extortion gang has claimed responsibility for at least part of the attack, the systems at a parliamentary office were infected with a variant of Cuba ransomware.”


The U.S. Embassy website for Montenegro posted this update on Sept. 1, 2022:

Event: A persistent and ongoing cyber-attack is in process in Montenegro. The attack may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors.

Actions to Take:
  • Be aware of your surroundings.
  • Limit movement and travel to the necessities
  • Review your personal security plans.
  • Have travel documents up to date and easily accessible.
  • Monitor local media for updates.

Coverage by The Hill elaborated on other recent cyber attacks that countries around the world are facing:

“Earlier this month, both Finland and Estonia were victims of a cyberattack, though Estonian officials said they successfully thwarted the attack that targeted the country’s public and private institutions.

“The attack followed the removal of a Soviet war monument from an eastern Estonian city bordering Russia.

“Killnet, a Russian-backed hacking group, claimed responsibility for the attempted attack against Estonia, Reuters reported.”

Back in July of this year, these cyber threats were anticipated: “Cyberattacks are increasingly endangering regions such as the Western Balkans, Europe and broader global areas following the Russian attack on Ukraine, according to a former American general who heads a cybersecurity company contracted by the Albanian government.

“James Jones was invited to parliament on Monday, days after a sophisticated cyber attack crippled online government infrastructure bringing all digital services and government websites offline.

“‘NATO member countries must increase efforts in the face of cyber threats as well as cooperation between intelligence agencies, which is nowhere more urgent than in this region,’ he said.”

And back in April, Balkan Insight reported that cyber attacks hit Romanian websites and the Czech Republic.

The Wall Street Journal reported earlier this year that Finland and Sweden were also being hit by cyber attacks: “Authorities in Sweden and Finland have raised alert levels for cyberattacks, concerned they face increased hacking risks because of the war in Ukraine and the two Nordic countries’ subsequent applications to join NATO.

“Since Russia invaded Ukraine in February, cybersecurity officials in Sweden and Finland haven’t seen an increase in attacks targeting critical infrastructure, though they say the countries are becoming more interesting targets for hacking groups with Russian ties.

“The two Nordic countries applied to join the North Atlantic Treaty Organization on Wednesday, after decades of neutrality.”


In February of this year, 60 Minutes offered the following look at the vulnerability of the U.S. power grid to a cyber attack:
Earlier this year, Transportation Security Administration (TSA) directives took effect which required cyber preparations for rail owners and operators following its imposition of similar requirements on airports and airlines. The key points of those directives included:
  • “(Last) December, the Transportation Security Administration (TSA) issued a pair of Directives establishing cybersecurity measures for high-risk freight rail, passenger rail, and rail transit owners and operators. These directives went into effect December 31, 2021. Specifically, owners and operators must: (1) name a cybersecurity coordinator; (2) report any cyber incidents within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA); (3) develop an incident response plan; and (4) complete a cybersecurity vulnerability assessment.
  • “At the same time, TSA issued an Information Circular recommending that lower-risk rail owners and operators and over-the-road bus owners and operators implement the above requirements voluntarily.
  • “TSA had previously directed airports and airline operators to (1) name a cybersecurity coordinator; and (2) report cyber incidents within 24 hours to CISA.
  • “The resulting deadlines for applicable rail owners and operators are the following:
    • January 7, 2022 – Designate a cybersecurity coordinator
    • March 31, 2022 – Conduct cybersecurity vulnerability assessment
    • June 29, 2022 – Implement a cyber incident response plan”

I have been covering the cybersecurity focus on protecting our critical infrastructure throughout this year, and here are two of those blogs looking at our situation in the U.S.:


You may be wondering: Why the focus on cyber attacks against global countries?

The answer is that these attacks continue to ratchet up. There are also various cyber attacks occurring in Africa, and Costa Rica underwent a series of major cyber attacks that were crippling.

Australia has been actively engaged in many global cyber battles over the past few years as well. I found this report entitled, “‘May the best spy win’: Australia’s intelligence chiefs open up on cyber threats – and feminism,” to offer a rare glimpse into nation-state battles within three-letter agencies.

These are stories that rarely get reported in the mainstream press here in the U.S.

While fear-mongering is certainly not a good thing, it is also not good to cover up (or not report) what is actually happening globally. It is important for public- and private-sector leaders to be aware of what is happening globally.

I continue to think that more cyber attacks will impact U.S. critical infrastructure in the future. We need to stay informed of what is happening and take the appropriate steps with a sense of urgency.

For actionable specifics, you can start with recommendations listed at the end of this piece looking back at the Colonial Pipeline. Or visit:
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.