Zeqiri: Kosovo endangered by cyber operations

Cybersecurity in the Balkans is an area that can be easily attacked and exploited, because the advancement of this field in this region is slower compared to Western countries.

As a result of this, Kosovo has also been frequently endangered and has been the target of cyberattacks aimed at stealing information and hacking government portals.

Bajram Zeqiri - Cyber ​​Threat Researcher, in an exclusive interview for "The Geopost", has revealed the global and regional challenges and threats regarding cybersecurity.

Below you will find the full interview with Mr. Zeqiri:

The Geopost:  How do you see the current situation in the Balkans regarding cybersecurity?

Violence: The Balkans are not immune to cyber attacks, we have the latest case when an unknown actor called "White-Tur" has developed a very sophisticated campaign against the state of Serbia by creating a page similar to the Minister of Defense, where the aim of this campaign was to steal the credentials of military personnel. Also, throughout history, other groups have had their presence in the Balkans, such as the group originating from Iran "DNSpionage", attacking organizations in various sectors such as telecommunications, law enforcement and government agencies in Albania. The presence of other sponsored groups is not lacking in the Balkans, where these groups carry out various operations against Balkan states by stealing state secrets.

The Geopost:  How vulnerable is Kosovo to these attacks?

Violence: Kosovo, like other countries around the globe, is at risk from cyberattacks, not only in the sphere of cybercrime such as ransomware attacks, but also in the sphere of theft of confidential information.

The Geopost:  Where do most attacks come from, Russia or China?

Violence: From a strategic perspective, China, due to its geographical position, does not show much interest in conducting cyber operations in our region, while Russia already has a physical presence in the region, but is also quite present in the cyber realm.

The Geopost: How do you comment on the major cyberattack that occurred last night on banks in Ukraine?

Violence: Since the Revolution of Dignity in 2013, Ukraine has been systematically attacked by Russia in the cyber sphere. The case of the DDoS attack that occurred yesterday against the portals of the PrivatBank and Oschadbank banks and the main portals of the Ministry of Defense and the Armed Forces of Ukraine is just one more cyber operation by Russia, demonstrating its cyber power against Ukraine.

The Geopost:  How does Russia act with concrete attacks on Serbia and other countries?

Violence: Everything varies from the motive of the campaign, which is prepared in advance and then the operation begins. If the campaign aims to steal confidential documentation from the opposing state, groups originating from Russia that are sponsored by the state first carry out the "reconnaissance" or discovery phase, which can last for months until potential victims are discovered and compromised, also looking for weaknesses in technological infrastructure assets.

After the discovery phase, the arsenal of tools is prepared, which tools will be used in this operation. The third phase continues by sending e-mails to their victims or by exploiting the weaknesses in the systems that were identified during the discovery. At the moment of compression / "hacking" these groups are sophisticated enough to stay inside organizations without being detected by security mechanisms.

And the final phase begins with the exfiltration or theft of information that is intended to be stolen, whether it be state secrets or blueprints, patents, military designs, etc.

The groups originating from Russia are quite noisy when carrying out these operations, leaving behind a lot of debris and artifacts while carrying out these operations, but they have a goal of reaching the information they are seeking.

The Geopost:  How much of a risk do Chinese cameras installed in Kosovo and the region pose for the Balkans?

Violence: Most of the CCTV cameras sold in the Kosovo market are products originating from China, such as the brands “Hikvision and Dahua”. These brands are prohibited from being installed within the infrastructure of the US federal government. These brands have been banned since the 2019 National Defense Authorization Act (NDAA).

The cameras that are installed in the North of Kosovo pose a risk and directly violate the national security of Kosovo. Without going into many details of these brands on the technical level. The biggest risk of these cameras is abuse and misuse by various groups and for what reason these cameras are installed. Who monitors those cameras, where are these recordings stored, in which territory are they stored in the cloud and are they stored outside the territory of the Republic of Kosovo. For all these problems that affect the level of national security, the security bodies in Kosovo must definitely act.

The Geopost: How much help do Europe and America provide to block Russian cyberattacks?

Violence: Europe and America contribute in many cases to mitigating cyber attacks, where the National Cyber ​​Security Unit "KOS-CERT" receives classified information from many CERTs of other countries about any attack potentially directed at Kosovo.