© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


Albania “forced” to sever diplomatic ties with Iran following a massive cyberattack


Albania’s prime minister Edi Rama ordered Iranian embassy staff to leave the country after finding that Iran was behind a heavy yet unsuccessful attempt to hack government systems and paralyze public services.

A cyberattack on Albania in July forced all government systems and public services websites to shut down.

“On July 15, our country became the target of a heavy cyberattack on the digital infrastructure of the government of the Republic of Albania in a bid to destroy it, paralyze public services, and hack data and electronic communications from the government systems,” Rama said in a televised statement.

He added that the attack failed to achieve its purpose, and that the damage may be considered minimal compared to the goals of the aggressor.

“All systems came back fully operational, and there was no irreversible wiping of data.”

In cooperation with partners, Albania confirmed “without a shadow of a doubt” that the cyberattack was orchestrated and sponsored by Iran “through the engagement of four groups that enacted the aggression - one of them being a notorious international cyber-terrorism group, which has been a perpetrator and co-perpetrator of earlier cyberattacks targeting Israel, Saudi Arabia, UAE, Jordan, Kuwait, and Cyprus.”

Rama did not specify the advanced persistent threat (APT) groups. However, cybersecurity company Mandiant identified the ROADSWEEP ransomware family and a Telegram persona that targeted the Albanian government in “a politically motivated disruptive operation ahead of an Iranian opposition organization’s conference.” A group calling itself “HomeLand Justice” claimed credit for the cyberattack.

There are more threat actors associated with Iran. The threat group UNC3890 is going after Israel’s shipping, aviation, healthcare, and energy sectors. Bohrium targets users in the Middle East, India, and the US. Charming Kitten stands out in its attempts to compromise high-value accounts in government, academia, NGOs, national security, and journalism.

On September 7, Microsoft published a blog post detailing another Iran-linked threat actor, Nemesis Kitten, a sub-group of Phosphorus, saying it conducts malicious network operations, including widespread vulnerability scanning, on behalf of the government of Iran.

Last year, Phosphorus targeted potential attendees of the upcoming Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia.

On Thursday, Microsoft released a detailed report of the attack, assessing with high confidence that multiple attackers were behind it: DEV-0842 deployed the ransomware and wiper malware, DEV-0861 gained initial access and exfiltrated data, DEV-0166 exfiltrated data, and DEV-0133 probed victim infrastructure.

“We have informed accordingly our strategic allies, the NATO member states, and other friendly countries, with whom we have shared the irrefutable evidence resulting from the investigation that corroborates the source of the aggression against our country. The Council of Ministers has decided on the severance of diplomatic relations with the Islamic Republic of Iran with immediate effect,” Rama said.

All the embassy staff were ordered to leave within 24 hours.

“This extreme response that is unwanted but totally forced on us is fully proportionate to the gravity and risk of the cyberattack,” Albania’s prime minister said.

