Britain today (Wednesday 7 September) condemned the Iranian state for a cyber attack against the Albanian government that destroyed data and disrupted basic public services, including paying for utilities, doctor’s appointments and school registration.
The National Cyber Security Centre (NCSC) assesses that state-linked Iranian cyber actors are almost certainly responsible for a series of cyber attacks on Albania’s public infrastructure since July 15 that have significantly affected public Internet services and other government sites.
The websites of the Albanian parliament and the prime minister’s office, as well as “e-Albania”, a portal used by Albanians to access a range of government services, were attacked and shut down. The attackers also leaked Albanian government data, including details of emails from the prime minister and the foreign ministry.
Foreign Secretary James Cleverly said:
Iran’s reckless actions have shown blatant disrespect for the Albanian people by severely limiting their ability to access basic public services.
The UK supports our valued partner and NATO ally. We join Albania and other allies in denouncing Iran’s unacceptable actions.
The NCSC assesses that Iran is an aggressive and capable cyber actor. Its cyber operations are likely to be conducted by a complex and fluid network of groups with varying degrees of ties to the Iranian state, likely to include joint agency and contract personnel.
These cyberattacks are the latest in increasingly reckless behavior by Iran. Iran-linked cyber actors have a number of powerful disruptive tools at their disposal. The UK has previously attributed a number of cyber incidents to Iranian actors and issued related advice:
- 22 March 2018: The UK’s National Cyber Security Centre assessed with high confidence that the MABNA Institute is almost certainly responsible for a multi-year Computer Network Exploitation (CNE) campaign targeting universities in the UK, the US and other Western countries, primarily for the purpose of intellectual property (IP) theft.
- February 24, 2022: CISA, FBI, CNMF, NCSC and NSA issued a joint cybersecurity advisory covering a group of advanced persistent threat (APT) actors funded by the Iranian government, known as MuddyWater, which conduct cyberespionage and other malicious cyber operations targeting a range of public and private organizations in various sectors in Asia, Africa, Europe and North America.
- November 17, 2021: CISA, FBI, ACSC and NCSC issued a joint cybersecurity advisory on Iranian government-sponsored APT actors exploiting Microsoft Exchange and Fortinet vulnerabilities to gain initial access for follow-on operations. Iranian government-sponsored APT actors are actively targeting a wide range of US critical infrastructure sectors as well as Australian organizations.