In a short segment on national television on Monday, North Macedonia’s former prime minister and current minister of internal affairs, Oliver Spasovski, said that some recent bomb threats have been traced back to IP addresses in Russia and Iran, along with cryptocurrency payments made to VPN services.
North Macedonia and other Balkan nations have been bombarded with daily hoax bomb threats since October, causing widespread disruptions to schools, hospitals, hotels, shopping malls, museums, sports venues, and more. Over 700 threats and 400 evacuations have taken place across the country — no explosives have been found so far.
“In recent days, emails have been sent from addresses in Iran and Russia, and payments to VPN services made by cryptocurrencies, which makes tracking difficult,” Spasovski said on Television 24. Further details weren’t shared.
This is the first time North Macedonia’s government has publicly linked the disruptive bomb threats to Russia and Iran. Last week, Spasovski said police had strong indications where the threats were coming from abroad, yet didn’t elaborate further. In past statements, current prime minister Dimitar Kovachevski alluded to these “acts of terrorism” as stemming from its pro-Ukraine stance, which reportedly worsened after North Macedonia participated in sanctions against Russia.
This unprecedented form of terrorism, which the government refers to as “hybrid warfare,” has had major impacts on public systems. On February 8, a cyber attack on the state-run Health Insurance Fund left insured people without access to healthcare and health workers without salaries. IT experts took 12 days to fully restore the system.
Online teaching temporarily returned to North Macedonia, as bomb threats routinely sent children and teachers rushing to safety until police bomb squads could clear the schools. By the time the threat was identified as a hoax, another day of learning was lost. The Union of Secondary School Students estimate that in the first half of this current academic year, about 10 weeks of classes were lost due to hoax bomb threats.
It remains unclear how many hoax bomb threats have been tied to Iran and Russia. However, authorities have stated that a handful of threats made were ‘copycat’ attempts by students to further disrupt classes.
North Macedonia increases cyber security measures in response to hoax threats
On February 21, authorities in North Macedonia vowed to adopt high-priority measures to improve security in public sectors and address these bomb threats efficiently, particularly in health institutions and schools.
Spasovski said that new instructions on risk assessment will allow schools to remain open moving forward, yet stressed the need for secrecy as to what these specific measures will be.
“We have created an operational team of different participating institutions with their own experts and we are looking for appropriate solutions to find a different approach to electronic threats,” Spasovski stated.
“As a minister, I brought new guidelines for action and from Friday the schools are functioning according to those guidelines.”
In addition, new security measures in North Macedonia include:
- State administration must appoint a person to report security incidents in a timely manner to the National Computer Incident Response Center (MKD-CIRT).
- Cyber security training for employees in state administration is now required.
- The government recommends the MKD-CIRT file reports on cyber security checks of major institutions.
North Macedonia joined NATO in 2020 and opened talks to join the European Union in July 2022. In March 2022, Moscow placed the nation on its list of “unfriendly countries.” Last month, the EU announced emergency loans of up to €100 million to North Macedonia as part of financial efforts to support nations in crisis.