Two months after a major cyberattack that took down portions of Albania’s national infrastructure and resulted in sensitive data being leaked, the country’s prime minister has blamed Iran for the intrusion, and the White House is promising “further action to hold Iran accountable”.
In a video message posted Wednesday, Albanian Prime Minister Edi Rama said that the country had “indisputable evidence” that the July 15 attack was the work of Iranian actors and was orchestrated and sponsored by the Iranian government. The attack targeted critical government systems and forced the national government to take government services offline. The intrusion included the deployment of a new strain of ransomware that researchers at Mandiant called Roadsweep, as well as the Zeroclear wiper malware. In early August, Mandiant published details on the attack and attributed it to Iranian threat actors.
In his message Wednesday, Prime Minister Edi Rama said the intrusion was the work of four groups working at the direction of the Iranian government. As a result of the attack, Albania has cut off diplomatic relations with Iran and expelled Iran’s diplomats from the country.
“For weeks now, while work has been ongoing 24/7 to restore all damages, thorough investigations have been conducted to identify the aggressor. In cooperation with specialized partner agencies against cyber terrorism, who brought their teams to Tirana, it was confirmed that, first, without a shadow of doubt, the July 15 attack on Albania was not an individual operation or a concerted action by independent criminal groups, but a State-sponsored aggression,” Rama said.
“The in-depth investigation provided us with indisputable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran through the engagement of four groups that enacted the aggression – one of them being a notorious international cyber-terrorist group, which has been a perpetrator or co-perpetrator of earlier cyberattacks targeting Israel, Saudi Arabia, UAE, Jordan, Kuwait and Cyprus.”
Rama said that Albania has shared the technical evidence it has gathered with NATO countries and other allies. Technical experts from the United States government have been in Albania working with the Albanian government’s security team to recover from the attack, and on Wednesday National Security Council spokesperson Adrienne Watson said the U.S. plans more direct action.
“The United States will take further action to hold Iran accountable for actions that threaten the security of a U.S. ally and set a troubling precedent for cyberspace,” Watson said.
“Iran’s conduct disregards norms of responsible peacetime State behavior in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public. Albania views impacted government networks as critical infrastructure. Malicious cyber activity by a State that intentionally damages critical infrastructure or otherwise impairs its use and operation to provide services to the public can have cascading domestic, regional, and global effects; pose an elevated risk of harm to the population; and may lead to escalation and conflict.”
“This is possibly the strongest public response to a cyber attack we have ever seen.”