Asharq Al-awsat English Middle-east and International News and Opinion from Asharq Al-awsat Newspaper

US Firm: Likely Iranian Threat Actor in Albania Cyberattack

US Firm: Likely Iranian Threat Actor in Albania Cyberattack

Thursday, 4 August, 2022 - 18:00
A computer keyboard lit by a displayed cyber code is seen in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

A cyberattack that temporarily shut down numerous Albanian government digital services and websites in mid-July was likely the work of pro-Iranian hackers seeking to disrupt an Iranian opposition group's conference in Albania, a leading US cybersecurity firm said Thursday.

In a report, Mandiant expressed “moderate confidence” the attackers were acting in support of Tehran's anti-dissident efforts based on several factors: The timing, the content of a social media channel used to claim responsibility, and similarities in software code used with malware long used to target Farsi and Arabic speakers.

The July 23-24 conference by the Iranian dissident group Mujahedeen-e-Khalq was in fact canceled following warnings from local authorities of a possible terrorist threat. Some 3,000 Iranian dissidents from the group, best known as MEK, live at Ashraf 3 camp in Manez, 30 kilometers west of Albania’s capital, Tirana.

The Free Iran World Summit was to have been held at the camp with US lawmakers among the invitees, The Associated Press reported.

A group calling itself “HomeLand Justice” claimed credit for the cyberattack, which used ransomware to scramble data. Ransomware is best known for its use in for-profit criminal extortion but is being increasingly wielded for political ends, particularly by Iran.

The claim by “HomeLand Justice" came on a Telegram channel in which documents purported to be Albanian residence permits of MEK members were posted, along with video of the ransomware being activated. The channel alleged corruption in the Albanian government and used hashtags including #Manez.

“This activity poses an active threat to public and private organizations in other NATO member states,” Mandiant said. “As negotiations surrounding the Iran nuclear deal continue to stall, this activity indicates Iran may feel less restraint in conducting cyber network attack operations going forward.”

At the time, the Tirana government said the hackers’ method was identical with attacks last year in other NATO states including Germany, Lithuania, the Netherlands and Belgium.

Editor Picks