Type to search

Albania cuts Iran ties over cyberattack, U.S. vows further action


Albania cuts Iran ties over cyberattack, U.S. vows further action


                                         Albania cuts Iran ties over cyberattack, U.S. vows further action

TIRANA, Sept 7, 2022 (Reuters) – Albania severed diplomatic relations with Iran on Wednesday and kicked out its diplomats after a cyberattack in July it blamed on the Islamic Republic, a move Washington supported as it vowed to take action in response to the attack on its NATO ally.

Albania ordered Iranian diplomats and embassy staff to leave within 24 hours.

“The government has decided with immediate effect to end diplomatic relations with the Islamic Republic of Iran,” Prime Minister Edi Rama said in a video statement.

“This extreme response … is fully proportionate to the gravity and risk of the cyberattack that threatened to paralyse public services, erase digital systems and hack into state records, steal government intranet electronic communication and stir chaos and insecurity in the country,” Rama said.

There was no immediate comment from the Iranian Embassy in Tirana. There were no police units around the Iranian embassy premises in Tirana.

The United States said it concluded after weeks of investigation that Iran was behind the “reckless and irresponsible” July 15 cyberattack.

“The United States will take further action to hold Iran accountable for actions that threaten the security of a U.S. ally and set a troubling precedent for cyberspace,” the White House National Security Council said in a statement.


Albania and Iran have had tense relations since 2014, when Albania accepted some 3,000 members of the exiled opposition group People’s Mujahideen Organization of Iran, also known by its Farsi name Mujahideen-e-Khalq, who have settled in a camp near Durres, the country’s main port.

U.S. Cybersecurity firm Mandiant, which noted the hacking activity in a blog post earlier this month, said the group – which had ties to Iran – deployed a complex attack which used malicious data-wiping software against Iranian dissidents.

“This is possibly the strongest public response to a cyberattack we have ever seen,” John Hultquist, Vice President of Intelligence at Mandiant, said in an emailed statement. “While we have seen a host of other diplomatic consequences in the past, they have not been as severe or broad as this action”.

The move comes days after NATO member state Montenegro blamed a criminal group called Cuba Ransomware for a digital attack on its government infrastructure which officials there described as unprecedented.

“Even though the incidents are probably unrelated, regular disruptions to government infrastructure are an alarming trend,” Hultquist said.

Albania has previously said it had foiled several planned attacks by Iranian agents against the Iranian opposition group.

“The in-depth investigation provided us with indisputable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran through the engagement of four groups that enacted the aggression,” Rama said.

The U.S. government has been on the ground for weeks with private sector partners to investigate and help Albania recover from the attack that destroyed government data and disrupted public services, the White House said.

“We have concluded that the Government of Iran conducted this reckless and irresponsible cyberattack and that it is responsible for subsequent hack and leak operations,” it said.

The United States called the attack unprecedented because it said it violated the peacetime norm of not damaging critical infrastructure that the public relied on.



                                 Albania reports 2nd cyberattack by Iran, on border systems

Albania’s Interior Ministry says one of its border systems has been hit by a cyberattack that came from the same Iranian source as an earlier attack that led the country to break diplomatic relations with Iran

                               By LLAZAR SEMINI     |      Associated Press     |     September 10, 2022

TIRANA, Albania — Albania’s Interior Ministry said Saturday that one of its border systems was hit by a cyberattack that came from the same Iranian source as an earlier attack that led the country to break diplomatic relations with Iran. It said in a statement that the previous evening an Albanian police transmitting system was found to be “under a cyberattack similar to the one that (government portal) e-Albania suffered in July.”

“Preliminary results show the attack was committed by the same hand,” the statement said, adding that authorities temporarily closed down all the systems, including the Total Information Management System (TIMS), which records entries and exits at the border crossing. Local media reported long queues in at least two border crossings in the south.

Albania, a NATO member, cut diplomatic ties with Iran and expelled its embassy staff this week. It was the first known case of a country cutting diplomatic relations over a cyberattack. “Another cyberattack from the same aggressors already exposed and denounced by Albania’s allies and friendly countries, was seen last evening on the TIMS system,” Prime Minister Edi Rama tweeted on Saturday, adding that officials are coordinating defensive work with allies.

The Albanian government has accused Iran of carrying out the July 15 attack, which temporarily shut down numerous Albanian government digital services and websites. Microsoft, the FBI and other cyber experts helped Albania following the July attack. Microsoft said in a blog post Thursday that it was moderately confident the hackers belong to a group that has been publicly linked to Iran’s Ministry of Intelligence and Security.

The U.S. government on Friday imposed sanctions on Iran’s intelligence agency and its leadership in response to the attack on Albania. NATO and the European Union also denounced the attack and supported Albania’s move.