Cyberattack on Albanian government shows new Iranian aggression
In mid-July, a cyberattack against the Albanian government brought down state websites and public services for hours. With Russia’s war raging in Ukraine, the Kremlin seemed the most obvious suspect. But research announced Thursday by threat intelligence firm Mandiant attributed the attack to Iran. And while Tehran’s espionage and digital interference activities have sprung up around the world, Mandiant researchers say a disruptive attack by Iran on a NATO member is a remarkable escalation.
The July 17 digital attacks against Albania came ahead of the “World Summit on Free Iran”, a conference scheduled to convene in the western Albanian town of Manëz on July 23 and 24. The summit is affiliated with the Iranian opposition group Mujahadeen-e-Khalq, or the People’s Mojahedin Organization of Iran (commonly abbreviated MEK, PMOI or MKO). The conference was postponed days before it was set to begin because of unspecified, reported “terrorist” threats.
Mandiant researchers say that the attackers deployed ransomware from the Roadsweep family and may also have used a previously unknown backdoor, called Chimneysweep, as well as a new variant of the Zeroclear wiper. Past use of similar malware, the timing of the attacks, other clues from the Roadsweep ransom note, and activity from parties claiming responsibility for the attacks on Telegram all point to Iran, Mandiant said.
“This is a positive escalation that we must recognize,” said John Hultquist, Mandiant’s vice president of intelligence. “Iranian espionage happens all the time around the world. The difference here is that this is not espionage. These are disruptive attacks that affect the lives of everyday Albanians living in the NATO alliance. And it was essentially a coercive attack aimed at government involvement.”
Iran has carried out active hacking campaigns in the Middle East and especially in Israel, and state-backed hackers have penetrated and probed manufacturing, supply and critical infrastructure organizations. In November 2021, the governments of the United States and Australia warned that Iranian hackers were actively working to gain access to a wide range of networks related to transportation, healthcare and public health entities, among others. “These Iranian government-sponsored APT actors can leverage this access for further activities, such as data intrusion or encryption, ransomware, and extortion,” the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency wrote at the time.
Until now, though, Tehran has limited how far its attacks have gone, aiming largely at data collection and surveillance on a global scale. The country has, however, engaged in influence operations, disinformation campaigns and attempts to interfere in foreign elections, including targeting the US.
“We are used to Iran being aggressive in the Middle East, where that activity has never stopped, but outside of the Middle East they have been much more restrained,” Hultquist said. “I am concerned that they may be more willing to leverage their capabilities outside of the region. And they clearly have no qualms about targeting NATO countries, which suggests to me that any stand-off that we believe exists between us and them may not exist at all.”
With Iran claiming that it is now capable of producing nuclear warheads, and the country’s representatives meeting with US officials in Vienna about the possibility of reviving the 2015 nuclear deal between the countries, any signal of Iran’s possible intentions and appetite for risk in dealing with NATO is meaningful.
This story originally appeared on wired.com.