Hackers linked to Russian intelligence targeted Montenegro earlier this year, according to the security firm FireEye.
FireEye tied the attack to Russia via infrastructure and malware exclusively used by the group APT 28, one of the hacking corps believed to have disrupted the 2016 U.S. elections.
Montenegro formally joined NATO Monday, a move Russia and pro-Russian groups in the former-Yugoslavian nation had opposed.
“NATO expansion is often viewed as a security threat by the Russian Federation, and Montenegro's bid for membership was strongly contested by Russia and the pro-Russia political parties in Montenegro. It’s likely that this activity is a part of APT28’s continued focus on targeting various NATO member states, as well as the organisation itself,” said Tony Cole, vice president and chief technology officer for global government at FireEye, during a press briefing.
The phishing attacks used documents related to European military movements and NATO meetings to try to lure potential victims.
APT 28, also known as Fancy Bear and Sofacy, is known to regularly use phishing attacks to gain access to systems.