• Login


Understanding Iran’s latest cyberattack on Albania?

26 September 2022


For the first time in its history, Albania cut its diplomatic ties with the Islamic Republic of Iran over recent major cyberattacks. Prime Minister Edi Rama on Wednesday September 7 accused Iran of directing an attack on Albanian institutions on July 15 in a bid to “paralyse public services and hack data and electronic communications from the government systems.” 


Several implications

The attack stirred an uproar from the US. Albania responded strongly. Iran’s cyberattack has revealed several developments of late, summarised as follows: 


1.    Iran continues to threaten Albania’s cyber security:

Investigation carried by Albanian and US experts revealed an Iran-backed group was behind the attack, which targeted on July 15 Albania’s government gateway, threatening to paralyse Albania’s public services. 


Just three days after the attacks were announced, the country’s interior ministry suffered another attack, which was carried by the same Iran-backed group. The ramifications second attack were large: Albania had to shut down its entire information management systems, which controls the registration points for sea, air, and land ports. The short span in which the attacks took place indicate Tehran’s intentions to instrument the most damage possible on Albania’s digital infrastructure and weaken its public service sector. A similar attack in 2021 targeted Tirana International Airport was revealed to have been carried by Iran-backed hacking group. 


These attacks come after the relationships between the two countries have gone bitter since 2013 when the Balkan state began hosting more than 3000 members of the opposition People’s Mujahedeen of Iran, or Mujahedeen-e-Khalq (MEK), on its soil.


Iran has objected to Albania’s hosting of MEK members, saying its national security is being threatened. Fars, Iran’s news agency which is the managed by the Islamic Revolutionary Guard Corps (IRGC), encouraged the government of Iran to bomb the camps hosting MEK members in Tirana using drones or ballistic missiles. 


2.    Tracking down MEK members:

Iran has been on MEK members tail for a long while, chasing dissidents across continental Europe. In July, for instance, a MEK conference had to be called off following an intelligence tip off by security services warned the organisers of possible threat by Iran-backed agents. 


Earlier revelations were made by Albanian police services. In October 2019, an IRGC terror cell had been planning an attack on MEK exiles in Balkan. 


But these attacks extended beyond Albania. In 2018, two undercover agents connected to Iran were arrested in a suspected bomb attack plot on a meeting of an exiled Iranian opposition group in France. In neighbouring Germany, several Europeans of Iranian origins were arrested in a cross-country plot to target Iranian opposition supporters using explosives. These arrests exposed Iran’s underlying strategy to target dissidents everywhere. 


3.    US sanctions on Iran: 

NATO, Britain, and the US were quick to support Albania in reinforcing its cyber security. Washington has warned Tehran of imminent sanctions on Esmaeil Khatib, Iran’s minister of intelligence, and that it would invoke Article 5 of the NATO treaty, which provides that if a NATO Ally is the victim of an armed attack, each and every other member of the Alliance will consider this act of violence as an armed attack against all members and will take the actions it deems necessary to assist the Ally attacked.


Washington’s message is clear: the consequences of Iran’s malicious cyber activity would be met with harsh punishment and further sanctions. For policy makers in Washington, ongoing nuclear negotiations and Iran’s cyber activities would not hold back the US from retaliating. 


4.    Historical foes:

Albania-Iran relations have deteriorated over the past years. When Quds Forces commander Qasem Soleimani was killed by an US airstrike, Albania celebrated the news. Iran’s Grand Ayatollah, Sayyid Ali Hosseini Khamenei, has on many occasions criticised Albania, calling the Balkan country a ‘small, evil state’, to which Albania's leaders responded angrily. Two Iranian diplomats were expelled from Tirana for “damaging its national security” in a move that was applauded in Washington as a further signal “to Iran’s leaders that their support for terrorism will not be tolerated”.


Albania, moreover, has hosted MEK members since 2013, through an arrangement between Albania and the US. Albania PM Edi Rama said hosting MEK exiles reflects the deep alliance between his country and the US. 


5.    Blocking Iran’s malicious activity: 

The quick response made by Washington and Albania, reflected a determination by the two allies to stand up to Iran’s threatening activities. After diplomatic ties were severed over the cyberattacks, Iranian diplomats were reported to have burned papers inside the Iranian embassy in Tirana, which may indicate sensitive and intelligence documents were kept there. 


German, concurrently, arrested four members of a gang smuggling narcotics from Iran in an operation that is reported as the country’s largest-ever seizure of heroin, while in Sweden, intelligence agency has accused Iran of trying to steal nuclear technology. Clearly, Washington and its allies are prepared to face Iran’s increased illicit activity. 


Increasing pressure

The expulsion of Iranian diplomats is the latest in a series of developments aimed at pressuring Iran, which could be summarised as follows: 


1.    Failed nuclear negotiations:

Washington is growing frustrated at the failing negotiations. Iran’s written response wasn’t up to EU’s expectation, and US Foreign Secretary Antony Blinken said it was a step backwards, noting Iran insists on unrealistic demands since the beginning of the negotiations. 


Washington’s response to Iran’s cyberattacks cannot be viewed separate to its ongoing nuclear negotiations, for the US was quick to impose new sanctions on Iran which followed on the heels of earlier sanctions linked to Iran supplying Moscow with drones in support for its operation in Ukraine. 


2.    Israeli pressure:

Tel Aviv, a sector leader in the region, offered Tirana support to strengthen its cybersecurity infrastructure. Israeli deputy minister of foreign affairs, Idan Roll, met Albanian foreign minister during the Conference on Shaping Feminist Foreign Policy in Berlin. 


When considered along the ongoing Israeli presence in Syria, Iran’s cyberattacks take on a deeper dimension: Israel has increased its operations on Iran’s presence in Syria, air-striking Iranian ammunition warehouses, sea and airports, and key routes to cut supply channels between Iran and its militias in Syria and Lebanon, thus increasing the pressure on Tehran.


It may be concluded, therefore, that Washington and its allies on the one hand, and Iran on the other, are expected to continue the stalemate in the coming period, especially as nuclear negotiations stifle. Yet, even if an agreement was to be reached, Iran’s damaging activity in the region is anticipated to continue, meaning counter measures by Israel, with Washington’s approval, to balance Iran’s presence would continue as well, against Iranian targets, on Iran’s soil and beyond.