Albania Cuts Diplomatic Ties With Iran After Cyberattack

US Accuses Iran of Violating Cyber Norms, Vows Further Action
Albania Cuts Diplomatic Ties With Iran After Cyberattack
Albanian Prime Minister Idi Rama giving a speech announcing his government is cutting diplomatic ties with Iran

Albania cut diplomatic ties with Iran following a summer cyberattack that disrupted the country's online governmental services portal. Prime Minister Edi Rama today said he gave Iranian diplomats 24 hours to depart the country after establishing Iranian responsibility for the cyberattack "without a shadow of doubt."

See Also: Malware Analysis Report: DarkGate – From AutoIt to Shellcode Execution

Tehran engaged four threat actor groups to take government portal e-Albania offline in July, Rama said.

Severing diplomatic ties is "proportionate to the gravity and risk of the cyberattack," which sought to erase digital infrastructure, steal state records and "stir chaos and insecurity in the country," he said.

Rama's government announced earlier this year a shift to digitally delivered services tied with the closure of in-person assistance.

The administration of U.S. President Joe Biden said it condemns the cyberattack and mirrored Rama's assertion that Tehran is responsible.

"The United States will take further action to hold Iran accountable for actions that threaten the security of a U.S. ally and set a troubling precedent for cyberspace," said a statement from the National Security Council.

Iran's conduct violated a norm of peacetime behavior in cyberspace by damaging Albanian critical infrastructure that provides services to the public, the statement also said.

Iran's Ministry of Foreign Affairs told the BBC that Rama's claims are "baseless."

Threat intelligence firm Mandiant in August fingered Iran as the likely responsible party for the cyberattack (see: Iranian Group Likely Behind Albanian Government Attack).

Rama's actions today are "possibly the strongest public response to a cyberattack we have ever seen," said John Hultquist, a company vice president for intelligence analysis.

The July cyberattack took place just days before members of the Mujahedin-e-Khalq, a group dedicated to overthrow of the Islamic Republic of Iran, were set to host a two-day conference in the Albanian town of Manëz. About 3,000 members of MEK settled in Albania in the past decade at the behest of the United States. Iran designates MEK as a terrorist group, as did the U.S. government from 1997 through 2012.

A website claiming responsibility for the attacks was set up by an entity calling itself "HomeLand Justice." The website homelandjustice.ru is still active and shows documents that appear to be resident permits belonging to members of MEK.

The presence of MEK, also known as the People's Mujahedin Organization of Iran, in Albania has already caused tension between Tehran and Tirana. Albanian law enforcement in 2018 arrested Iranian operatives for plotting to bomb Persian New Year celebrations held by MEK and expelled Iran's ambassador.


About the Author

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.