Tirane, Albania.

The Albanian government's websites were knocked out for hours in July. The Kremlin might seem to be the most likely suspect. According to research published on Thursday, the attack was caused by Iran. Mandiant researchers said that a disruptive attack from Iran on a NATO member is a noteworthy escalation.

The World Summit of Free Iran was scheduled to take place in the town of Manz in western Albania on July 23 and 24. The summit was associated with the People's Mojahedin Organization of Iran. The conference was canceled the day before it was scheduled to start because of threats.

Mandiant researchers say that attackers deployed ransomware from the Roadsweep family and may have also utilized a previously unknown backdoor, dubbed Chimneysweep, as well as a new strain of the Zeroclear wiper. Past use of similar malware, the timing of the attacks, other clues from the Roadsweep ransomware note, and activity from actors claiming responsibility for the attacks on Telegram all point to Iran, Mandiant says.

Mandiant's vice president of intelligence says that this is an aggressive step. Iran is involved in espionage all over the world. This isn't espionage, that's the difference. The lives of Albanians living within the NATO alliance are affected by these disruptive attacks. It was a coercive attack to get the government's attention.

Iran has conducted aggressive hacking campaigns in the Middle East and particularly in Israel, and has penetrated and probed manufacturing, supply, and critical infrastructure organizations. Iranian hackers were working to gain access to networks related to transportation, health care, and public health entities, according to warnings from the US and Australian governments. According to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the Iranian government-sponsored actors can leverage this access for follow-on operations.

Tehran has limited how far it has gone in its attacks, mostly due to the fact that it keeps to data. Efforts to meddle in foreign elections, including targeting the US, have been part of the country's activities.

In the Middle East, Iran has always been aggressive, but outside of the region, they have been more restrained. They might be more willing to leverage their capability outside of the region. The fact that they target NATO states suggests to me that the deterrents we have against them may not exist at all.

With Iran claiming that it now has the ability to produce nuclear warheads, and representatives from the country meeting with US officials in Vienna about a possible revival of the 2015 nuclear deal between the countries, any signal about Iran's possible intentions and risk tolerance is significant.

The story was first published on wired.com.