Podcast 🎧 & Blog: Cyber attacks in the Western Balkans and the way out

08.11.2022 | Federico Plantera


It was just in June that we were talking about improving cybersecurity capacity in the Western Balkans area. A few months later, between August and September, the countries of Albania and Montenegro respectively suffered disruptive cyber attacks.

Merle Maigre, Programme Director on Cybersecurity at eGA, joins us again to take stock of the situation. Together with Klaid Mägi, Cybersecurity Strategist at Estonian company RaulWalter, we explore the importance of investigating the attribution and consequences of such attacks, and what to do to increase preparedness and resilience. The episode is hosted by Federico Plantera. Tune in or read the blog below!


Cyber attacks on Albania and Montenegro

Out of the six Western Balkan countries partnering in the Cybersecurity Study presented in June, four have recently experienced cyber incidents. Two of them – Albania and Montenegro – have suffered particularly impactful attacks. “In July, Albania discovered that the digital services provided by two government agencies were totally offline. And after investigating further, it appeared that for over a year attackers managed to infiltrate the systems and exfiltrate data,” Maigre explains.

Tense relations between Albania and Iran ensued, resulting in the severing of existing diplomatic ties, as Iran was deemed responsible for originating the cyber attacks.

In mid-August, instead, “several state services in Montenegro have been disrupted by attacks aimed at digital components of key infrastructure as well – electricity, water, etc”. Suspicions within the country seem to point toward organized cybercrime groups, although both the FBI and the French cybersecurity services are still investigating the matter.


Responses, attribution – is it important to know who did it?

“It’s pretty interesting that we are always trying to understand who is behind such attacks, or why they did it. I had a similar conversation on the topic just recently with agencies in Costa Rica, a country that also faced huge issues of this kind. But if you look at it from the side of impact and damage, at the end of the day, what’s the difference in knowing that?” Mägi wonders.

He takes a pragmatic approach. “Whether it is due to some kind of random cyber criminals, or state-sponsored groups, impact and damage do not differ much. Yes, I do understand that, from a political point of view, attribution is very important. But from my more technical point of view, if your systems are weak, at some point you will suffer this type of disruption.”

“My point of view is: let’s try to build our systems in such a way that won’t make us victims anymore, no matter who is trying to attack us,” Mägi states. “The question of who did it is something you might want to deal with later. But at a more practical and technical level, the priority is to get things back up and running again. When the house is on fire, we focus on putting out that fire,” Maigre continues.


Never let a good crisis go to waste

“It is important to maintain that, after all, none of us is safe vis-à-vis cyber attacks. The question is rather how resilient our systems are, and what is the digital health and security of our national assets in cyberspace,” Maigre explains. 

“This is where the Western Balkans definitely have room to improve, starting from the political framework, and an understanding – by political leadership – of the importance of investing attention, time and money into cybersecurity. And to do that by addressing different dimensions of cybersecurity, such as legislation, risk management, critical information, and infrastructure protection. But also cyber awareness of public officials and the general public,” Maigre says.

“Never let a good crisis go to waste,” but learn from it. A good old lesson to keep in mind and capitalize on, especially when understood the hard way.