UK condemns Iran for reckless cyberattack on Albania

The UK today (Wednesday 7 September) condemned the Iranian state for a cyberattack on the Albanian government which destroyed data and disrupted essential government services including payment for utilities, appointment booking medical and school enrollment.

The National Cybersecurity Center (NCSC) believes that Iranian state-linked cyberactors are almost certainly responsible for the series of cyberattacks against Albanian government infrastructure beginning July 15, which had a significant impact on public online services and other websites governmental.

The websites of the Albanian Parliament and Prime Minister’s Office, as well as “e-Albania”, a portal that Albanians use to access a number of public services, were attacked and shut down . The attackers also leaked data from the Albanian government, including details of emails from the prime minister and the foreign ministry.

Foreign Secretary James Cleverly said:

Iran’s reckless actions have shown blatant disregard for the Albanian people, severely restricting their ability to access essential public services.

The UK supports our valued NATO partner and ally. We join Albania and other allies in denouncing Iran’s unacceptable actions.

Background

NCSC believes that Iran is an aggressive and competent cyber actor. Cyber ​​operations are likely carried out by a complex and fluid web of groups, with varying degrees of association with the Iranian state, whose workforces are most likely a mix of ministerial and contract personnel.

These cyberattacks are the latest in increasingly reckless behavior by Iran. Iran-linked cyber actors have a number of powerful disruptive and destructive tools at their disposal. The UK has previously attributed and advised on a number of cyber incidents by Iranian actors:

  • March 22, 2018: The UK’s National Cyber ​​Security Center has assessed with high confidence that the MABNA Institute was almost certainly responsible for a multi-year Computer Network Exploitation (CNE) campaign targeting UK universities. United, United States, as well as other Western countries, mainly for the purpose of intellectual property (IP) theft
  • February 24, 2022: CISAFBI, CNMF, NCSC and NSA released a joint cybersecurity advisory highlighting a group of Iranian government-sponsored Advanced Persistent Threat (APT) actors, known as MuddyWater, conducting cyber espionage and other malicious cyber operations targeting a range of threats. government and private sector organizations across all sectors in Asia, Africa, Europe and North America
  • November 17, 2021: CISAFBI, CSCA and NCSC released a joint cybersecurity advisory on Iranian government-sponsored APT actors exploiting vulnerabilities in Microsoft Exchange and Fortinet to gain initial access ahead of tracking operations. Iranian government-sponsored APT actors actively target a wide range of multiple U.S. critical infrastructure sectors as well as Australian organizations

Comments are closed.