Cyber Incident Victim: Albania
Date: Sep 2022
Location: Albania
Summary
A nation experienced renewed cyberattacks targeting its national police computer systems, attributed to the same actors responsible for a prior assault on government services. The attacks prompted authorities to shut down control systems at critical infrastructure points including seaports, airports, and border crossings. The government publicly blamed Iran for both incidents, leading to the immediate severance of diplomatic relations and expulsion of Iranian diplomatic personnel. The targeted state accused Iran of attempting to paralyze public services and compromise government data, though minimal damage was reported. Iran denied involvement, dismissing the allegations as baseless. The tensions stemmed from the country hosting an Iranian opposition group, which prompted U.S. sanctions against Iran's intelligence ministry over the cyber operations.
Description
On September 9, 2022, Albania’s Interior Ministry reported a renewed cyberattack targeting the national police’s computer systems. Authorities attributed the attack to the same actors responsible for a prior July 15 assault on Albania’s public and government service infrastructure. To contain the threat, officials shut down computer control systems at seaports, airports, and border posts, disrupting operations at these critical transit points. Prime Minister Edi Rama publicly condemned the attack via Twitter, identifying the aggressors as the same entity previously condemned by Albania’s allies. This incident occurred just three days after Albania severed diplomatic relations with Iran on September 7, directly blaming Tehran for the July cyberattack. The government stated the September attack’s methodology aligned with the earlier incident, though specific technical details were not disclosed. No data destruction or irreversible system damage was reported from either attack.

The July 15 cyberattack, first disclosed by Albania on September 7, targeted government institutions with the alleged intent to paralyze public services and exfiltrate data from state systems. Prime Minister Rama characterized the attack as unsuccessful, noting minimal damage and full restoration of operational capabilities without permanent data loss. In response, Albania expelled all Iranian diplomats and embassy staff within 24 hours, marking a significant escalation in bilateral tensions rooted in Albania’s hosting of Iranian opposition group MEK members since 2013. Iran denied involvement, dismissing the accusations as baseless and criticizing the diplomatic rupture as shortsighted. The U.S. reinforced Albania’s claims by imposing sanctions on Iran’s Ministry of Intelligence and Security and its minister on September 9, citing Tehran’s role in the cyber campaign. These incidents underscored the geopolitical friction stemming from Albania’s alignment with Western interests, including NATO membership and its role as an MEK safe haven.
