Cyber Incident Victim: Albanian Total Information Management System
Date: Sep 2022
Location: Albania
Summary
A cyberattack attributed to Iranian state-linked hackers targeted Albania's Total Information Management System, disrupting automated passport controls and fugitive database checks at border crossings and airports. The incident followed U.S. sanctions against Iran's intelligence agency for a prior attack on government services, prompting the country to sever diplomatic ties with Tehran. Authorities temporarily shut down affected systems but restored operations shortly afterward, claiming the intrusion caused no data leaks despite system penetration. Iranian officials denied involvement, dismissing the allegations as baseless while condemning the imposed sanctions. The attack mirrored previous tactics used against the nation's infrastructure earlier that year.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 5 techniques |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 10, 2022, Albanian Prime Minister Edi Rama publicly attributed a cyberattack targeting the country’s Total Information Management System (TIMS) to Iranian state-linked hackers. The attack disrupted automated border control processes, including passport verification and fugitive database cross-referencing operated by Albania’s national police. This incident followed a prior cyberattack in July 2022 that had crippled Albanian government services, with Rama asserting both attacks originated from the same threat actors. The September attack coincided with recent U.S. Treasury sanctions against Iran’s Ministry of Intelligence and Security and its minister, Esmaeil Khatib, for orchestrating the July intrusion. Albania had severed diplomatic relations with Iran days earlier, citing "indisputable evidence" of Iranian responsibility shared with allied nations.

The TIMS compromise forced Albania’s Interior Ministry to manually shut down computerized border control systems at airports and crossing points to contain the intrusion. By September 11, Rama confirmed the restoration of border systems, emphasizing the attack had been fully contained without achieving its objectives. He analogized the breach to a home invasion but noted no data exfiltration or persistent compromise occurred. Iranian officials categorically denied involvement, labeling the accusations as baseless and condemning the U.S. sanctions. The incident highlighted operational reliance on TIMS for border security while demonstrating Albania’s capacity to rapidly isolate and recover critical systems despite repeated targeting.
