Shortly after Iran denied responsibility for a July cyberattack, Albania was attacked again, once more allegedly from Iran.
Albania’s government has blamed Iran for another severe cyber attack over the weekend. According to the government, the same aggressor was responsible for the cyber attack in mid-July, which the NATO member state in the Western Balkans cited last week as its reason for breaking off relations with the Islamic Republic. Saturday’s attack hit the Total Information Management System (TIMS), which collects data on those entering or leaving the country, CNN reports. On Sunday, Prime Minister Edi Rama tweeted that the system was back up and running. No data was leaked.
The next escalation
The weekend’s attack represents a further escalation in the conflict, which is no longer limited to Albania and Iran. After Albania’s government expelled all staff from the Islamic Republic’s diplomatic mission in the country, the US Treasury Department imposed sanctions on Iran’s Ministry of Intelligence and Security and its ministers. Washington had previously sharply condemned the cyber attack on its ally, a condemnation that NATO has joined. Albania is to be supported in strengthening its cyber defenses so that it can ward off such malicious attacks in the future.
Iran has “categorically” denied the allegations, contradicting the NATO Council’s claim that member states are committed to a “secure cyberspace” and “stability”. Not only did the defense alliance remain silent when Iran’s infrastructure and nuclear power facilities came under attack, the Iranian Embassy to the European Union tweeted, referring to the Stuxnet attacks; it even helped directly with this cyber sabotage: “You have no right to make such accusations against Iran.” As a victim of NATO cyber attacks on its own infrastructure, it said, Iran condemns such attacks against other states.
The original cyberattack happened on July 15th. According to the Albanian government, it was intended to shut down public services and electronic communications and to capture data. A few days after the cyber attack, the militant Iranian opposition group the People’s Mujahideen (مجاهدين خلق ايران) had to cancel a conference in Albania. Several thousand members of the organization found refuge there years ago and are agitating against the Islamic Republic. Although Iran denies being responsible for the cyber attack, Tehran now accuses NATO of providing a safe haven for the “terrorist cult” and thereby draws a connection itself.
Microsoft also holds Iran responsible
There is now also a detailed analysis by Microsoft of the cyber attack in mid-July. According to it, the US company’s security threat intelligence team assumes “with a high degree of probability” that several Iranian actors were involved in the operation, which was carried out in several phases. The attackers used tools and a digital certificate that had previously been used by actors from Iran.
It was also observed that those responsible operated from Iran. Finally, the sectors that were attacked fit the interests of the Islamic Republic. Preparations had already begun in May 2021. The entire analysis, including a list of indicators of compromise, is available in a blog entry.