Iranian Hackers Claim They Disrupted Albanian Institutions
Wave of Attacks Hits Parliament, Telecommunications Provider, National Flag Carrier
Albania's Parliament and a telecommunications service provider suffered online attacks this week in the latest wave of hacks apparently launched against the country by Iran.
The attacks, which originated outside of Albania, prompted the country's tech experts to immediately work on recovering the affected systems and analyzing the tactics and techniques used, the Albanian National Authority for Electronic Certification and Cyber Security, or AKCESK, said in a statement.
Reports from local media earlier in the week claimed that unnamed hackers had attempted to interfere with the Parliament's infrastructure and delete data during the attack, although their efforts were ultimately unsuccessful.
The infrastructures attacked "are not currently classified as critical or important information infrastructure," the cyber agency said, citing its legislative charter. But the agency added that it is "coordinating with international partners to support the institutions in performing an in-depth analysis on the evidence of the consequences that the attack may have caused in these infrastructures in the fastest possible time … in order to prevent similar cyberattacks."
One Albania, the second-largest mobile operator in Albania with 1.36 million subscribers, confirmed in a Facebook post that it dealt with a cybersecurity incident on Christmas Day. "Despite this attack, One Albania's services have not been paused and operated normally throughout the day, including customer services such as mobile, landline and IPTV," the telecom company said.
Neither the Albanian Parliament nor the AKCESK immediately responded to Information Security Media Group's request for additional details on the attack and its overall impact.
An Iran-linked hacker group called Homeland Justice on Monday took responsibility for the cyberattack on the Albanian Parliament and for attacks on two local telecom companies and the national flag carrier Air Albania.
The hackers in a Telegram post claimed to have stolen data from the organizations. "The amount of data collected is enormous. Expect the worst to happen," the hackers warned. Apparently, the hacker group has a publicly accessible website where similar messaging is published. The earliest post dates from January 2020.
The group's claims could not yet be independently verified as the targeted companies have not responded to requests for comment.
The attacks are believed to be a retaliatory measure against Albania for providing shelter to members of the Iranian opposition group Mujahedeen-e-Khalq - aka MEK - in the city of Durrës. The hackers dubbed their campaign Destroy Durres Military Camp.
MEK media spokesperson Ali Safavi told The Associated Press that the reported cyberattacks in Albania "are not related to the presence or activities" of MEK members in the country.
In a major cyberattack in July, attributed to Iran, Albania had to close access to online public services and other government websites. Homeland Justice claimed responsibility for that attack, although researchers at Mandiant who analyzed the incident couldn't definitively link it to the same threat actor. Mandiant expressed "moderate confidence" that one or multiple Iran-linked groups had been involved (see: Iranian Group Likely Behind Albanian Government Attack).
Albania severed diplomatic ties with Tehran two months after the cyberattack, and the U.S. imposed sanctions on Iran's primary intelligence agency in response to the aggression (see: US Sanctions Iranian Spooks for Albania Cyberattack).
At the time, Treasury Undersecretary for Terrorism and Financial Intelligence Brian Nelson said the Iranian attack had disregarded peacetime norms for cyberspace. "We will not tolerate Iran's increasingly aggressive cyber activities targeting the United States or our allies and partners," he added.
The Iranian Ministry of Foreign Affairs has repeatedly denied any involvement and rejected accusations of conducting cyberattacks against Albania and its allies as both "baseless" and "hollow and unproven."