Cyber Incident Victim: Albania
Date:
Jul 2022
Location:
Albania
Summary
A cyberattack targeting Albania's government infrastructure prompted authorities to temporarily shut down most online public services and websites as a defensive measure. The incident, described as a sophisticated external attack, led to widespread disruptions affecting parliamentary, prime ministerial, and e-government portals, though tax filing systems remained operational on separate servers. The National Agency for Information Society collaborated with Microsoft, Jones International Group, and domestic cybersecurity firms to neutralize threats and protect information systems. Network data indicated the shutdown began during evening hours, with services remaining inaccessible for an extended period while response efforts continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 16-17, 2022, Albania experienced a significant cyberattack targeting its government infrastructure, prompting the National Agency of Information Society (AKSHI) to temporarily shut down online public services and government websites. The attack occurred months after Albania transitioned most public sector services to an online portal in May 2022, a move intended to streamline operations and reduce corruption by closing in-person administrative offices. AKSHI described the incident as a "targeted and sophisticated cybercriminal attack from outside Albania," though officials did not publicly attribute responsibility to any specific actor or nation-state. By approximately 9:00 PM local time on July 16, real-time network data indicated widespread service disruptions, leading AKSHI to implement a full defensive shutdown of affected systems. This action rendered numerous critical services inaccessible, including parliamentary websites, the Prime Minister's Office portal, and the e-government gateway used by citizens and businesses for administrative functions.
The shutdown persisted through July 17, with all government websites remaining unreachable as of Monday afternoon. Notable exceptions included Albania's tax filing portal, which continued operating on separate infrastructure. AKSHI collaborated with Microsoft, cybersecurity firm Jones International Group, and local Albanian security companies to neutralize threats and prevent further compromise of information systems. Network monitoring organization NetBlocks confirmed the disruptions aligned with a defensive measure rather than a direct attack consequence like DDoS, emphasizing the government's proactive containment strategy. No data breaches or system damages were confirmed in available reports. Authorities did not provide an estimated restoration timeline, leaving citizens and businesses without access to essential online services indefinitely while response efforts continued. The incident underscored vulnerabilities in Albania's digital transformation initiative, which had centralized critical services shortly before the attack.