Iranian Cyber-Attacks on Albania
Q: Why did Albania sever relations with Iran?
A: On September 7, Albanian Prime Minister Edi Rama said that an investigation uncovered "incontrovertible evidence" that Iran had hired four groups to mount a cyber-attack on Albania on July 15. In response, Albania severed diplomatic ties with Iran.
Q: How did Iran respond to the diplomatic fallout?
A: Iran rejected PM Rama’s claims as "baseless" and described Albania’s decision as "anti-Iranian." Iran’s foreign ministry condemned Albania’s decision, suggesting in a statement that "third parties" may have been involved in leveling accusations against Iran.
Q: Is Iran to blame?
A: Iran’s involvement in the cyber-attacks was verified by reports conducted by Microsoft and Mandiant — an American cyber-security firm. Mandiant stated that a number of threat actors who operated in support of Iran were involved in the attacks while Microsoft uncovered the attempted deletion of data on an Albanian server by groups linked to the Iranian government.
Q: Was this attack a one-time incident?
A: No, fresh cyber-attacks were conducted against Albania on September 9. In a statement the following day, PM Rama stated that “another cyber-attack by the same aggressors, already exposed and condemned even by Albania’s friendly and allied countries, was recorded last night on the TIMS system. Meanwhile, we continue to work around the clock with our allies to make our digital systems impenetrable.”
Q: What did the cyber-attacks target?
A: The July cyber-attacks “threatened to paralyze public services, erase digital systems and hack into state records, steal government intranet electronic communication and stir chaos and insecurity in the country.” The goal of the hacking groups had been “the destruction of the digital infrastructure of the government of the Republic of Albania.”
The September attacks targeted the country’s Traveler Information Management System (TIMS). The attack reportedly caused chaos at Albania’s borders as it resulted in long lines on border points, where the registration of citizens and vehicles entering and leaving the country had to be done manually.
Q: What are the possible motives for Iran’s actions?
A: Albania and Iran have had tense diplomatic relations since 2014 when Albania accepted approximately 3,000 members of an exiled Iranian opposition group, Mujahideen-e-Khalq’ (MEK), seeking to overthrow the Iranian government as refugees.
July’s attacks occurred only a few days before the start of a conference in the town of Manez, which was affiliated with the MEK. The event was canceled following warnings of ‘terrorist’ threats.
Q: How has the U.S. responded?
A: On September 9, the United States Treasury Department issued fresh sanctions against Iran in response to the attacks. The United States Treasury Department stated that “Iran’s cyber-attack against Albania disregards norms of responsible peacetime State behavior in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public.”
Notably, Albania is considered a U.S. ally and has been a full NATO member since 2009.
Q: Is the U.S. concerned that this will complicate ongoing nuclear deal negotiations?
A: The United States government has been piling sanctions on Iran since former President Trump withdrew from the JCPOA nuclear deal in 2018. The restoration of the agreement seemed close at hand in August 2022 after the EU submitted a draft deal they called a “final text.” However, this momentum has digressed over the past month.
The US State Department — which is leading the nuclear talks with Iran — welcomed the sanctions imposed on Tehran over the Albania cyber-attacks, stating that Washington will "use all appropriate tools to counter cyberattacks" against the U.S. and its allies.