New Cyberattack Wave Targets Albanian Parliament, Telecom



Mobile Network Provider and National Flag Carrier Also Targeted


Albania’s Parliament and a telecom service provider suffered cyberattacks this week in the latest wave of hacks targeting the country from Iran.


The attacks, which originated outside of Albania, prompted the country’s tech experts to immediately work on recovering the affected systems and analyzing the tactics and techniques used, the Albanian National Authority for Electronic Certification and Cyber Security, or AKCESK, said in a statement.

Reports from local media earlier in the week claimed that unnamed hackers had attempted to interfere with the Parliament’s infrastructure and delete data during the attack, although their efforts were ultimately unsuccessful.

The infrastructures attacked “are not currently classified as critical or important information infrastructure,” the cyber agency said, citing its legislative charter. But the agency added that it is “coordinating with international partners to support the institutions in performing an in-depth analysis on the evidence of the consequences that the attack may have caused in these infrastructures in the fastest possible time … in order to prevent similar cyberattacks.”

One Albania, the second-largest mobile operator in Albania with 1.36 million subscribers, confirmed in a Facebook post that it had identified a cybersecurity incident on Christmas Day and dealt with it at full capacity. “Despite this attack, One Albania’s services have not been paused and operated normally throughout the day, including customer services such as mobile, landline and IPTV,” the telecom company said.

Neither the Albanian Parliament nor the AKCESK immediately responded to Information Security Media Group’s request for additional details on the attack and its overall impact.

An Iran-linked hacker group called Homeland Justice on Monday took responsibility for the cyberattack on the Albanian Parliament and for attacks on two local telecom companies and the national flag carrier Air Albania.

The hackers posted on Telegram claiming to have successfully stolen data from the organizations. “The amount of data collected is enormous. Expect the worst to happen,” the hackers warned. The group also appears to have a website on the open web where similar messaging is published. The earliest post dates from January 2020.

Independent verification of the group’s claims is pending as the targeted companies have not responded to requests for comment.

The attacks are believed to be a retaliatory measure against Albania for providing shelter to members of the Iranian opposition group Mujahedeen-e-Khalq – aka MEK – in the city of Durrës. The hackers dubbed their campaign Destroy Durres Military Camp.

MEK media spokesperson Ali Safavi told The Associated Press that the reported cyberattacks in Albania “are not related to the presence or activities” of MEK members in the country.

In a major cyberattack in July, attributed to Iran, Albania had to close access to online public services and other government websites. Homeland Justice claimed responsibility for that attack, although researchers at Mandiant who analyzed the incident couldn’t definitively link it to the same threat actor. Mandiant expressed “moderate confidence” that one or multiple Iran-linked groups had been involved (see: Iranian Group Likely Behind Albanian Government Attack).

Albania severed diplomatic ties with Tehran two months after the cyberattack, and the U.S. imposed sanctions on Iran’s primary intelligence agency in response to the aggression (see: US Sanctions Iranian Spooks for Albania Cyberattack).

At the time, Treasury Undersecretary for Terrorism and Financial Intelligence Brian Nelson said the Iranian attack had disregarded peacetime norms for cyberspace. “We will not tolerate Iran’s increasingly aggressive cyber activities targeting the United States or our allies and partners,” he added.

The Iranian Ministry of Foreign Affairs has repeatedly denied any involvement and rejected accusations of conducting cyberattacks against Albania and its allies as “baseless, hollow and unproven.”

