Albania severs diplomatic ties with Iran over cyber-attack

  • Published
Albanian police stand outside the Iranian embassy in Tirana, Albania (7 September 2022)Image source, Reuters
Image caption,
Albania has ordered Iranian diplomats and embassy staff to leave within 24 hours

Albania has severed diplomatic ties with Iran and ordered Iranian embassy staff to leave, accusing it of orchestrating a major cyber-attack.

Prime Minister Edi Rama said a probe had found "incontrovertible evidence" that Iran "hired four groups to mount the attack on Albania" on 15 July.

The hackers tried to paralyse public services, delete and steal government data, and incite chaos, he added.

In response, Iran rejected Mr Rama's claims as "baseless."

Its foreign ministry condemned the decision to expel its diplomats as "anti-Iranian" and suggested in a statement that "third parties" may have been involved in coming up with the accusations, Iran's state news agency reported.

Albania's leader described the decision as "extreme" but said it was "entirely forced on us".

The United States said it strongly condemned the cyber-attack on a Nato ally and vowed to hold Iran accountable for actions that threatened Albania's security.

Relations between Tirana and Tehran have been tense since Albania offered asylum to thousands of Iranian dissidents.

Mr Rama said in a televised statement that the goal of the hacking groups had been "the destruction of the digital infrastructure of the government of the Republic of Albania, as well as the theft of data and electronic communications of governments systems".

But he added: "The said attack failed its purpose... all systems came back fully operational and there was no irreversible wiping of data."

The prime minister said the Albanian government's decision to sever diplomatic relations with Iran was "proportionate to the seriousness and danger posed by the cyber-attack".

US National Security Council spokesperson Adrienne Watson said American experts had also concluded that Iran "conducted this reckless and irresponsible cyber-attack" and that it was "responsible for subsequent hack and leak operations".

Iran's conduct, she warned, "disregards norms of responsible peacetime state behaviour in cyber-space".

Earlier this month, US cyber-security firm Mandiant said it had concluded "with moderate confidence" that "one or multiple threat actors who have operated in support of Iranian goals" were involved in the attack.

Mandiant noted that the disruption had come days before the start of a conference in Albanian town of Manez that was affiliated with the exiled Iranian opposition group Mujahideen-e-Khalq (MEK).

The event was subsequently postponed following warnings of "terrorist" threats.

The firm likewise cited a video featuring the Albanian residence permits of purported MEK members that was posted on the Telegram channel used by a group named "HomeLand Justice" to claim credit for the cyber-attack.

It said a ransomware sample also included the text: "Why should our taxes be spent on the benefit of DURRES terrorists?"

Manez is a town in Durres County and is the location of a camp where about 3,000 MEK members have been allowed to live since 2013 at the request of the US and United Nations.

"This is possibly the strongest public response to a cyber-attack we have ever seen," John Hultquist, Mandiant's vice-president of intelligence, said following Albania's announcement.

He added that the attack was "a reminder that while the most aggressive Iranian cyber-activity is generally focused in the Middle East region, it is by no means limited to it".

Mr Hultquist also warned that it showed major critical government systems in Nato countries were "vulnerable and under attack".