Cyber Incident Victim: Instituti i Statistikës
Date:
Jan 2024
Location:
Albania
Summary
Albania's Institute of Statistics experienced a sophisticated cyberattack impacting some systems, though recent census data remained unaffected. The organization disconnected internet access and initiated emergency protocols to safeguard data, collaborating with authorities to investigate the incident's origin and motives while restoring operations and enhancing security measures. This follows prior cyber incidents targeting Albanian government infrastructure, including a Parliament website breach and an earlier attack attributed to Iranian state actors by Albanian officials and international tech firms, which resulted in severed diplomatic relations amid denials from Iran. The United States, NATO, and the European Union supported Albania during the prior dispute.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 31, 2024, Albania’s Institute of Statistics (INSTAT) reported it had suffered a sophisticated cyberattack targeting its systems the previous day. The institute issued a statement via its Facebook page on February 1 confirming the incident, noting it had promptly disabled internet connections and activated emergency protocols to safeguard its data infrastructure. Initial assessments by cybersecurity experts determined that only a subset of INSTAT’s systems were compromised, with critical infrastructure supporting a recent census remaining unaffected. The attack disrupted normal operations, though the institute did not specify which services or datasets were impacted. INSTAT collaborated with national authorities to investigate the incident’s origin, identify the perpetrators’ motives, and restore full functionality. No threat actor claimed responsibility, and the institute did not disclose technical details about the attack vector or the duration of the disruption. The incident marked the second major cyberattack against an Albanian government entity in two months, following a December 2023 breach targeting the national Parliament’s website.
This cyberattack occurred against a backdrop of escalating tensions stemming from a July 2022 Iranian state-sponsored attack on Albania, which led to the severing of diplomatic relations between the two nations. The 2022 incident, attributed to Iran by the Albanian government and international tech firms, was reportedly retaliation for Albania harboring members of the exiled Iranian opposition group Mujahedeen-e-Khalq (MEK). Iran’s Foreign Ministry denied involvement, counter-accusing MEK of conducting cyberattacks against Iranian infrastructure. The United States, NATO, and the European Union publicly supported Albania’s response to the 2022 attack, reinforcing the geopolitical significance of cybersecurity incidents in the region. INSTAT’s post-incident priorities included strengthening its cybersecurity defenses while maintaining cooperation with law enforcement to mitigate future risks. The institute did not report data exfiltration or unauthorized access to census records, focusing instead on procedural recovery and system hardening measures.