Balkan Countries Must Respond Proactively to Evolving Cyber Threats: Report

Cyberattacks in countries such as Albania, Kosovo, Montenegro, North Macedonia, Serbia and Bosnia and Herzegovina underscore a need for stronger cybersecurity frameworks, improved coordination among stakeholders and enhanced public awareness, according to the report.

“This report shows that while governments in the Western Balkans have taken steps to strengthen cybersecurity frameworks, these efforts are often reactive rather than proactive. Institutional advancements frequently come in response to major cyber incidents rather than as part of a strategic, forward-thinking approach,” said Amina Mahovic, manager of BIRN’s Digital Rights Programme.

“Many reforms are shaped by external pressures, such as EU directives, rather than by a genuine commitment to addressing local cybersecurity vulnerabilities,” Mahovic added.

Attacks often linked to Russia

The Western Balkans has seen a surge in cyberattacks since 2022, particularly since Russia’s full-scale invasion of Ukraine, which heightened geopolitical tensions and triggered a wave of state-sponsored and criminal cyber operations. 

In Montenegro, a massive cyberattack in August 2022, attributed to Russian-speaking criminal groups, disrupted key government services for weeks. Kosovo also experienced cyberattacks, with officials attributing them to Russian actors, in retaliation for Kosovo’s support for Ukraine.

However, other states are also called out. Iranian state actors were blamed for a series of cyberattacks on Albania in 2022, which led to Albania severing diplomatic ties with Tehran. The attacks, targeting Albania’s e-government systems, were seen as retaliation by Iran for Albania’s hosting of the Iranian opposition group Mujahedin-e-Khalq, MEK. 

All these incidents highlight the growing role of cyberattacks as tools of geopolitical coercion, enabling states to exert influence and disrupt adversaries while maintaining plausible deniability, the report says. 

The ambiguity of cyber warfare allows states to deny involvement, complicating accountability and response efforts.

Critical infrastructure increasingly targeted

The region has seen a rise in cyberattacks targeting critical infrastructure, including energy, healthcare, and financial systems, the report says. 

In Albania, a 2022 attack on the e-Albania system disrupted public services for days, while in Montenegro, a prolonged cyberattack crippled government institutions, delaying social welfare payments and public procurement. 

Kosovo faced attacks on its telecommunications infrastructure and media regulatory bodies. North Macedonia and Serbia experienced breaches in their education and energy sectors, respectively.

“Unfortunately, for more than three years, North Macedonia has operated without a national cybersecurity strategy, creating a significant gap in our preparedness against emerging threats. The absence of a comprehensive cybersecurity law has left both institutions and citizens vulnerable,” said Stefan Andonovski, the country’s Minister for Digital Transformation.

In Bosnia and Herzegovina, ransomware attacks paralysed the Parliamentary Assembly’s IT systems in 2022 and disrupted the healthcare system in Bosnia’s Republika Srpska entity in 2024. The attacks exposed Bosnia’s unpreparedness, with outdated technology, insufficient security measures and fragmented legal frameworks exacerbating vulnerabilities.

Data breaches have become a significant concern, with sensitive personal and government data being exposed and sold on the dark web. In Turkey, a 2023 breach of the e-government platform exposed citizens’ personal information, including ID details and health records, which were sold online. 

In Serbia, a 2022 attack on the Republic Geodetic Authority compromised sensitive property records, while a 2023 breach at the state-owned energy provider Elektroprivreda Srbije, EPS, exposed employees’ data. These incidents highlight the need for robust data protection regulations and greater institutional transparency, according to the report.

Media organisations and civil society groups in the Western Balkans have increasingly become targets of cyberattacks, with threats including phishing, DDoS attacks, and data breaches. 

Independent media outlets such as Albania’s Citizens Channel and Bosnia’s BUKA have faced sustained attacks aimed at silencing critical reporting. In Serbia, journalists have been targeted with spyware and digital surveillance, reflecting a broader trend of state-led repression. BIRN’s report says such attacks not only threaten press freedom but also undermine democratic governance and societal resilience.

The situation in Serbia is particularly challenging due to the absence of cooperation and a profound lack of trust between civil society and the government, according to Maja Bjelos, from the Belgrade Centre for Security Policy, BCSP. 

“Our organisation faces direct threats from the government, including targeted smear campaigns, acts of intimidation, and intrusive measures such as eavesdropping and surveillance,” Bjelos said. Such tactics not only undermine BSCP’s efforts but also create a hostile environment for civil society as a whole, stifling independent voices and discouraging civic engagement, she added.

Responses too often merely reactive

In response to evolving cyber threats, various governments in the Western Balkans have taken steps to enhance their cybersecurity capabilities. 

Kosovo has been working to establish a Cyber Security Agency, CSA, and launched a State Training Centre for Cyber Security in 2024. 

Albania has adopted a new Cybersecurity Law and National Cybersecurity Strategy while Montenegro has expanded its cybercrime units and adopted legislation aligned with the EU’s NIS2 Directive. 

However, these efforts have often been reactive, spurred by major incidents rather than proactive planning.

Bosnia’s challenges include the lack of a unified Computer Emergency Response Team, CERT, and a comprehensive national cybersecurity strategy. While the Republika Srpska entity has taken a more proactive approach, adopting an Information Security Law in 2011 and establishing a national CERT in 2015, the Federation entity has lagged behind, only introducing a Draft Law on Information Security in 2022. At state level, progress has been slow, with a Law on Network and Information Security still in its early stages.

International and regional cooperation vital

International cooperation plays a crucial role in addressing cybersecurity threats in the Western Balkans, according to the report. 

Following the 2022 cyberattacks in Albania, Tirana collaborated with the FBI and Microsoft to restore its systems. Bosnia has engaged with international stakeholders like the UNDP, the OSCE and the EU Delegation to enhance its cybersecurity capabilities. 

Regional initiatives, such as the Regional Cooperation Council, have also been instrumental in fostering collaboration and aligning cybersecurity legislation with EU standards.

However, the report highlights that while Western Balkan governments have made strides in developing legal frameworks and establishing new institutions, cybersecurity efforts are too often driven by external pressures such as EU directives. 

A proactive approach to addressing local challenges and potential threats is needed – not just in response to major incidents – the report concludes.