With Russia’s invasion of Ukraine, the rapprochement and integration efforts of Eastern European and Balkan nations towards the European Union (EU) and North Atlantic Treaty Organization (NATO) have accelerated. Moldova and Georgia have also made formal bids for membership in the EU, in addition to Ukraine.[1] Currently, Moldova, Albania, Montenegro, and Serbia are EU candidates.[2] Bosnia and Herzegovina, Kosovo, and Georgia are still in the midst of EU harmonization discussions.
Georgia, Sweden, Bosnia and Herzegovina, and Ukraine are attempting to join NATO. On the other hand, following the invasion of Ukraine, Sweden and Finland also submitted applications to join NATO. Estonia is home to NATO’s cybersecurity center, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE).
Due to the historical process experienced after the Cold War Period, it has been noted that the Balkan states often pursue the policy of “drawing away from the East and growing closer to the West.” In light of the geopolitical process they are currently experiencing, the Balkan nations have begun to position themselves in opposition to the strategies adopted by the “Eastern” countries.
Following the Ukrainian War, many cyberattacks were launched against Albania, Montenegro, Kosovo, and North Macedonia. This study examines the political motivations behind the cyberattacks, as well as the sources from which they were launched.
Cyber Attacks in the Balkan Countries in 2022
1. Albania
Edi Rama, the Prime Minister of Albania, said in July 2022 that the Ministry of Education, Sports, and Youth’s computer systems had been targeted by four organizations with ties to Iran. As a matter of fact, on September 7, 2022, Albania officially severed diplomatic relations with Iran.[3] Iranian diplomats had to leave Albania within 24 hours. According to Prime Minister Rama, attempts were made to access the state’s registration information as well as damage the electronic systems network and disrupt public services. The United States (US) has provided technical support, openly stating that it was supporting Albania in the face of the attacks. In response to the cyber-attack, the US National Security Council said that it will retaliate against Iran on the basis that “the security of a US ally is jeopardized.” According to Microsoft Security Threat Intelligence, Iran sponsored the cyberattack against Albania.[4]
2. Montenegro
Ransomware and denial of service attack on Montenegro began in August 2022 and was conducted by a “hacker” group known as “Ransomware Cuba.”[5] Due to the country’s justice institutions being unable to access the Internet, several court proceedings had to be delayed. Minister of Public Administration Maras Dukaj stated that about 150 operating units and 10 government agencies were affected by the attacks. The “hacker” group claimed responsibility for the attack and disclosed that it had acquired several financial records from the Parliament of Montenegro, including bank transfer papers, balance sheet data, and tax documents. According to Montenegro’s National Security Agency, Russia was behind the hack that temporarily shut down the governmental websites. According to government officials, the attacks were carried out as a Russian-backed retaliation against Montenegro’s participation in the EU’s financial sanctions against Russia and the expulsion of Russian diplomats by Podgorica. The Ministry of Defense of Montenegro reports that 50 “phishing” assaults and 7,600 other malware-related threats have been thwarted in the last two years.
3. Kosovo
On February 26, 2022, the Ministry of Internal Affairs of Kosovo announced that it was under a large-scale “phishing” attack.[6] The authorities’ intervention prevented the attack. However, a cyberattack launched from abroad in September 2022 temporarily shut down Internet access for the nation’s governmental institutions.[7] The attack was prevented by taking the necessary precautions, according to the government of Kosovo’s Spokesperson Perparim Kryeziu, who also claimed that there was no leak from the state’s infrastructure or computer network. The attack was directed at the internet protocols that the government uses to access websites. Immediately after the attack, the Kosovo government drafted a bill for the establishment of a public institution in charge of cybersecurity. The draft was approved. Another attack in the country was carried out against Kosovo Telecom. This attack, which was stopped quickly, blocked the access of mobile and fixed devices to the Internet for a short time.
4. North Macedonia
The website of the Ministry of Education and Science of North Macedonia was temporarily taken out of service due to a cyber-attack in September 2022. Following a joint cyber assessment with other governmental bodies, ministry officials declared that the citizen data were secure. After the incident, all government institutions’ online security procedures were inspected by the country’s relevant institution, which is in charge of cyber security. Many institutions and official websites of the country have recently been “hacked” by the “Powerful Greek Army”.[8]
In conclusion, after the Russian invasion of Ukraine, serious changes have taken place in the policies of international and national actors. One of the most important changes is that Eastern European and Balkan countries and NATO countries have become strategic partners. NATO has considerably accelerated its initiatives regarding the Balkan countries.[9]
It has been observed that the dates of the cyberattacks on the Balkan countries are close together. In the cases where the groups carrying out the attacks are identified; it is seen that the attackers are supported by countries that are in direct conflict with NATO. Looking at the timeline from the start of Covid-19 to the present, it is evident that the attacks become more frequent during the Ukraine War, particularly in September 2022. This process also coincides with a time when Eastern European and Balkan countries are attempting a speedy integration into NATO and the EU. However, it might be stated that the relatively local political and historical tensions with Greece serve as grounds for the cyberattacks in North Macedonia. These cyberattacks have had a significant impact on the Balkan countries, which are now working to reform cyber security and cooperate on a regional and national basis.
[1] “Georgia, Moldova Follow Ukraine In Applying to Join EU”, Laurenz Gehrke, Politico, https://www.politico.eu/article/georgia-and-moldova-apply-for-eu-membership /, (Date of Accession: 07.10.2022).
[2] “Candidate Countries and Potential Countries”, European Commission, https://ec.europa.eu/environment/enlarg/candidates.htm#:~:text=Albania%2C%20Moldova%2C%20the%20Republic%20of,possible%20request%20for%20transition%20periods, (Date of Accession: 07.10.2022).
[3] “Albania Cuts Iran Ties Over Cyberattack, U.S. Vows Further Action”, Reuters, https://www.reuters.com/world/albania-cuts-iran-ties-orders-diplomats-go-after-cyber-attack-pm-says-2022-09-07/, (Date of Accession: 07.10.2022).
[4] “Microsoft Investigates Iranian Attacks Against the Albanian Government”, Microsoft Security Threat Intelligence, https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/, (Date of Accession: 07.10.2022).
[5] “Montenegro Blames Criminal Gang for Cyber Attacks on Government”, Reuters, https://www.reuters.com/world/europe/montenegro-blames-criminal-gang-cyber-attacks-government-2022-08-31/, (Date of Accession: 07.10.2022).
[6] “Institucionet E Kosovës Shënjestër E Një Sulmi Kibernetik, Por Pa Don’t Say”, Ministry of Interior of Kosovo, https://klankosova.tv/institucionet-e-kosoves-shenjester-e-nje-sulmi-kibernetik-por-pa-deme/, (Date of Accession: 07.10.2022).
[7] “Kosovo to Establish Agency for Cyber Security Amid Recent Attacks”, Emirjeta Vllahiu, https://balkaninsight.com/2022/09/14/kosovo-to-establish-agency-for-cyber-security-amid-recent-attacks/, (Date of Accession: 07.10.2022).
[8] “Cyber Attacks a Growing Threat to Unprepared Balkan States”, Balkan Insight, https://balkaninsight.com/2021/03/10/cyber-attacks-a-growing-threat-to-unprepared-balkan-states/, (Date of Accession: 07.10.2022).
[9] “The West is Shoring Up its Vulnerabilities in the Baltic – The NATO Summit Should End the Zombie Policy on the Balkans Too”, Just Security, https://www.justsecurity.org/82086/the-west-is-shoring-up-its-vulnerabilities-in-the-baltic-the-nato-summit-should-end-the-zombie-policy-on-the-balkans-too/, (Date of Accession: 07.10.2022).
