Skip to main content

Who Attacked Montenegro? The Moral and Strategic Hazards of Misassigning Blame

September 21, 2022
Erica D. Lonergan and Maggie Smith


In analysis for Political Violence At A Glance, an IGCC-supported blog dedicated to political violence and its alternatives, Erica D. Lonergan, an assistant professor at West Point, and Maggie Smith, a U.S. Army cyber officer, analyze the moral and strategic hazards around attribution.

A few weeks ago, Montenegro—a NATO member—was hit with a cyber attack that targeted government servers. Montenegro’s outgoing Prime Minister, Dritan Abazovic, initially hedged about potential responsibility for the attack, stating on August 26: “We do not have clear information about the organizers… Security sector authorities couldn’t confirm that there is an individual, a group, a state behind [the attack].” Nevertheless, later that same day officials from Montenegro’s national intelligence agency attributed the attack to Russia. They also implied that the attack was related to Montenegro’s support for Ukraine and push for membership in the European Union. Yet, the extent of Russian involvement in the cyber attack remains ambiguous, which poses significant political and strategic challenges.

Several variables seemed to support the narrative that the Russian government was responsible for the cyber attack. For example, the initial attack on August 20 occurred during a severe political crisis, just after the Montenegrin parliament backed a vote of no confidence that collapsed Abazovic’s minority government. Abazovic—in an about-face on his initial ambiguity—warned that the attack could lead to destabilization. Domestic tensions were further exacerbated when Montenegro joined Albania and North Macedonia in a public appearance with Ukrainian President Volodymyr Zelenskyy to support Ukraine’s bid for full EU membership and to call for the EU to admit the four nations.

Therefore, it was plausible that Montenegro would think Russia might be retaliating for its support of Ukraine. Moreover, the cyber attacks likely felt eerily familiar. Throughout 2016 and 2017, Montenegro was the target of a series of cyber attacks, many of which have been attributed to the Russian- sponsored group APT28. Those attacks also coincided with politically significant events, like the country’s 2016 elections and the subsequent Russian-instigated coup attempt intended to prevent Montenegro from becoming NATO’s 29th member state in 2017.

With fingers pointing at Russia, NATO allies swooped in to support Montenegro. France and the United States sent teams from the National Agency for the Security of Information Systems and the FBI to assist. After all, Russia purportedly added Montenegro to its list of “enemy states” after it joined the EU’s sanctions against Moscow in March. Moreover, NATO has repeatedly emphasized the alliance’s commitment to collective defense against unconventional threats, affirming in June 2021 that Article 5 applied to cyberspace.

The problem is that Russia may not actually be responsible.

Read the full blog post at Political Violence At A Glance