View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 12, 2022

Albania blames Iran for second cyberattack as Tehran denies involvement

By Claudia Glover

Albania has blamed Iran for a second cyberattack on its public sector in a matter of weeks, with computer systems used by its state police taken down over the weekend. The incident came after the government in Tehran denied any involvement in a major distributed denial of service (DDoS) attack on Albania in July, which led to the countries severing diplomatic ties.

Iran has denied responsibility for recent cyberattacks on Albania. (Photo by vanchai tan/Shutterstock)

The new hack on Friday forced the Albanian government to deactivate its Total Information Management System (TIMS), which tracks the data of those entering and leaving Albania. The service was restored on Saturday, but Edi Rama said the attack had been carried out by the same aggressors who were behind the July DDoS strike.

Iran denies it is behind Albania cyberattacks

The July attack led to the websites of the Albanian Parliament and the prime minister’s office, as well as the e-Albania portal used by residents to access public services, being taken offline.

The Albanian government – and the international community – have blamed Iran for the breach, but in a statement released last week, the Permanent Mission of the Islamic Republic of Iran to the United Nations said it rejected “the baseless accusations of the US and the UK against the Islamic Republic of Iran regarding an alleged cyberattack on Albania”.

It goes on to accuse the UK, the US and Nato of ignoring cyberattacks targeting Iran’s infrastructure and nuclear facilities, and of “directly or indirectly supporting those measures”, rendering their criticisms against Iran lacking in “any legitimacy”.

“As a target country and victim of cyberattacks on its critical infrastructure by Nato allies and partners, the Islamic Republic of Iran rejects and condemns any use of cyberspace for attacking other countries,” the statement says.

As reported by Tech Monitor, cyber tensions between Iran and the West have been rising in recent months. In June, Iran’s steel industry was hit by a major cyberattack, thought to be instigated by pro-Israel hackers.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Tirana cuts ties with Tehran

The cyberattack and resulting spat with Iran saw Rama’s government cut diplomatic ties with the Middle Eastern nation.

The US and UK also condemned Iran’s actions, with UK foreign secretary James Cleverly stating “Iran’s reckless actions showed a blatant disregard for the Albanian people, severely restricting their ability to access essential public services,” and that “the UK is supporting our valuable partner and NATO ally”. Cleverly added: “We join Albania and other allies in exposing Iran’s unacceptable actions.”

US Treasury under secretary Brian Nelson said: “We will not tolerate Iran’s increasingly aggressive cyber activities targeting the United States or our allies and partners. Iran’s cyberattack against Albania disregards norms of responsible peacetime state behaviour in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public.”

The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has released an overview of the Iranian cyber threat detailing risks of Iranian APT actors MuddyWater, which it says is “conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organisations across sectors in Asia, Africa, Europe, and North America.” 

MuddyWater has been linked to multiple threat campaigns and tools by security company Cisco Talos. “These threat actors are considered extremely motivated and persistent when it comes to targeting victims across the globe,” the company states in a report. It believes MuddyWater is a collection of subgroups rather than a single entity.

Read more: Altahrea Team hackers claim Israel power plant fire

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.