Albania has blamed Iran for a second cyberattack on its public sector in a matter of weeks, with computer systems used by its state police taken down over the weekend. The incident came after the government in Tehran denied any involvement in a major distributed denial of service (DDoS) attack on Albania in July, which led to the countries severing diplomatic ties.
The new hack on Friday forced the Albanian government to deactivate its Total Information Management System (TIMS), which tracks the data of those entering and leaving Albania. The service was restored on Saturday, but Edi Rama said the attack had been carried out by the same aggressors who were behind the July DDoS strike.
Iran denies it is behind Albania cyberattacks
The July attack led to the websites of the Albanian Parliament and the prime minister’s office, as well as the e-Albania portal used by residents to access public services, being taken offline.
The Albanian government – and the international community – have blamed Iran for the breach, but in a statement released last week, the Permanent Mission of the Islamic Republic of Iran to the United Nations said it rejected “the baseless accusations of the US and the UK against the Islamic Republic of Iran regarding an alleged cyberattack on Albania”.
The statement goes on to accuse the UK, the US and Nato of ignoring cyberattacks targeting Iran’s infrastructure and nuclear facilities, and of “directly or indirectly supporting those measures”, rendering their criticisms against Iran lacking in “any legitimacy”.
“As a target country and victim of cyberattacks on its critical infrastructure by Nato allies and partners, the Islamic Republic of Iran rejects and condemns any use of cyberspace for attacking other countries,” the statement says.
As reported by Tech Monitor, cyber tensions between Iran and the West have been rising in recent months. In June, Iran’s steel industry was hit by a major cyberattack, thought to be instigated by pro-Israel hackers.
Tirana cuts ties with Tehran
The cyberattack and resulting spat with Iran saw Rama’s government cut diplomatic ties with the Middle Eastern nation.
The US and UK also condemned Iran’s actions, with UK foreign secretary James Cleverly stating “Iran’s reckless actions showed a blatant disregard for the Albanian people, severely restricting their ability to access essential public services,” and that “the UK is supporting our valuable partner and NATO ally”. Cleverly added: “We join Albania and other allies in exposing Iran’s unacceptable actions.”
US Treasury under secretary Brian Nelson said: “We will not tolerate Iran’s increasingly aggressive cyber activities targeting the United States or our allies and partners. Iran’s cyberattack against Albania disregards norms of responsible peacetime state behaviour in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public.”
The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has released an overview of the Iranian cyber threat detailing the risks posed by Iranian APT actor MuddyWater, which it says is “conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organisations across sectors in Asia, Africa, Europe, and North America.”
MuddyWater has been linked to multiple threat campaigns and tools by security company Cisco Talos. “These threat actors are considered extremely motivated and persistent when it comes to targeting victims across the globe,” the company states in a report. It believes MuddyWater is a collection of subgroups rather than a single entity.