Fancy Bear hackers' latest target is the Montenegro government, according to security researchers.
The Kremlin-lined hackers, who are also believed to be behind the DNC (Democratic National Committee) hack, have reportedly targeted Montenegro's government with cyberattacks to retaliate against the nation's decision to join Nato.
Researchers at cybersecurity firm FireEye attributed the attacks against Montenegro to APT28, also known as Fancy Bear, Sofacy and Pawn Storm. FireEye researchers said the hacker group has targeted Nato member states in the past, and the attack techniques used in previous campaigns share similarities with the attacks on Montenegro.
"NATO expansion is often viewed as a security threat by the Russian Federation, and Montenegro's bid for membership was strongly contested by Russia and the pro-Russia political parties in Montenegro. It's likely that this activity is a part of APT28's continued focus on targeting various NATO member states, as well as the organization itself," Tony Cole, vice president and CTO for global government at FireEye, told journalists at a conference on 6 June (Tuesday), The Register reported.
In February, Montenegro's government and media organisations were targeted with intermittent DDoS attacks after prime minister Duško Marković condemned foreign opposition to his country joining the Nato.
FireEye researchers said that the attacks against Montenegro leveraged Gamefish malware and a Flash exploit that is believed to be exclusively used by Fancy Bear hackers.
However, now that Montenegro has officially become a part of Nato, FireEye researchers said it is likely that Russia will not relinquish its interests in the nation.
"It's likely that this activity is a part of APT28's continued focus on targeting various NATO member states, as well as the organization itself. Russia has strongly opposed Montenegro's NATO accession process and is likely to continue using cyber capabilities to undermine Montenegro's smooth integration into the alliance," Cole added.