The UK condemned Iran-based cyberattacks for interfering with the Albanian government and vandalizing its bills, schedules, and student data in public schools. The attack allegedly damaged the government’s data and interrupted its normal functioning.
According to the National Cyber Security Centre (NCSC), the cyber-attack against the Albanian government infrastructure began on July 15, 2022, and was carried out by Iranian state-linked TAs (Threat Actors). The attacks negatively impacted Albania’s government website, public portals, and other government services.
Albania cyberattack spree explained
Attackers targeted and shut down the websites of the Albanian Parliament, the Prime Minister’s office, and ‘e-Albania,’ a portal used by Albanians to access several public services. The attackers also released private emails exchanged between the Prime Minister and the Ministry of Foreign Affairs in Albania.
According to Albanian Foreign Secretary James Cleverly, the hackers hampered Albanians’ access to necessary public services and demonstrated a flagrant disrespect for their needs. The southern European nation stated that the UK would be aiding the country against Iran’s “unacceptable actions” that have damaged the government bodies and created difficulties for its general public.
The NCSC evaluated Iran as a “capable and aggressive” cyber actor. Moreover, the organization states that cyber operations are presumably conducted by a complex and fluid network of groups linked to the Iranian state. These workforces are almost a mix of departmental and contract employees.
Iranian-linked TAs are equipped with various potent disruptive and destructive capabilities. The UK has already identified and provided advice on several cyberattacks by Iranian actors.
Background
The MABNA Institute was almost certainly behind a multi-year Computer Network Exploitation (CNE) campaign that targeted universities in the UK, the US, and other Western countries, primarily to steal intellectual property (IP), according to a report released on March 22 by the UK’s National Cyber Security Centre.
The Iranian government-sponsored advanced persistent threat (APT) actors known as MuddyWater were conducting cyber espionage and other nefarious cyber operations. These campaigns were carried out against various government and private-sector organizations across sectors in Asia, Africa, Europe, and North America.
According to a combined cyber security advisory from CISA, FBI, ACSC, and NCSC published on November 17, 2021, Iranian government-sponsored APT threat actors use Microsoft Exchange and Fortinet vulnerabilities to acquire initial access before follow-up operations.