Pierluigi Paganini December 29, 2023
Albania’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed that cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania.
The telecom carrier disclosed the cyber attack with a post published on Facebook, the company also added that the cyber attack did not interrupt its services.
“Today, we identified and handled with full capacity and actively a cyber security incident. Despite this attack, One Albania services were unaffected and operated normally throughout the day, including services for customers such as mobile, landline and IPTV. In close cooperation with the state institutions AKEP and AKCESK, we continue to work to fully provide services and data. Appreciating your support and understanding, we remain committed to maintaining transparency throughout the process.“
AKCESK revealed that it is helping targeted institutions in managing the cyber attacks, the Albanese agency reported that the targeted entities are critical infrastructure.
“Yesterday, on December 25, AKCESK was notified of cyber attacks that occurred on the ONE telephone company and the Assembly of the Republic of Albania.” reads the announcement published by AKCESK.
“AKCESK is also coordinating the work with international partners to support the institutions in performing an in-depth analysis on the evidence of the consequences that the attack may have caused in these infrastructures in the fastest possible time. At the same time, the findings so far have been shared in real time with all critical and important information infrastructures from the traces of the attack actors identified in order to prevent similar cyber attacks on these infrastructures.”
The investigation initiated by the AKCESK is still ongoing; however, the government agency has determined that the origin of the attack is from abroad.
“Our analysis has pointed out that the attacks do not originate from Albanian IP, helping us better understand the international dimensions of the threat. This incident has prompted AKCESK to review and strengthen its cyber security strategies, including developing specialized training for responsible staff and strengthening international cooperation.” adds AKCESK.
The Hacker News reported that the Iranian hacker group Homeland Justice claimed responsibility for this attacks on its Telegram channel.
The group also claimed to have hacked Air Albania.
In September 2022, Albania blamed Iran for another cyberattack that hit computer systems used by the state police.
Albania interrupted diplomatic ties with Iran and expelled the country’s embassy staff over the massive cyber attack that hit the country in mid-July 2022.
The cyberattack hit the servers of the National Agency for Information Society (AKSHI), which handles many government services. Most of the desk services for the population were interrupted, and only several important services, such as online tax filing, were working because they are provided by servers not targeted in the attack. Albania reported the attack to the NATO Member States and other allies.
The relations between Albania and Iran have deteriorated since the government of Tirana offered asylum to thousands of Iranian dissidents.
The United States government issued a statement condemning Iran for attacking Albania.
“The United States strongly condemns Iran’s cyberattack against our NATO Ally, Albania. We join in Prime Minister Rama’s call for Iran to be held accountable for this unprecedented cyber incident. The United States will take further action to hold Iran accountable for actions that threaten the security of a U.S. ally and set a troubling precedent for cyberspace.” U.S. National Security Council spokesperson Adrienne Watson said. “We have concluded that the Government of Iran conducted this reckless and irresponsible cyberattack and that it is responsible for subsequent hack and leak operations.”
NATO, and the U.K. also formally blamed the Iranian government for the cyberattacks against Albania.
The U.S. Treasury Department announced sanctions against Iran ‘s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the cyber attack that hit Albania in July.
MOIS is the primary intelligence agency of the Islamic Republic of Iran and a member of the Iran Intelligence Community. It is also known as VAJA and previously as VEVAK (Vezarat-e Ettela’at va Amniyat-e Keshvar) or alternatively MOIS.
The Iranian government denied it was behind the cyberattack and labeled Albania’s decision to sever diplomatic ties “an ill-considered and short-sighted action”.
“Iran as one of the target countries of cyberattacks on its critical infrastructure rejects and condemns any use of cyber space as a tool to attack the critical infrastructure of other countries,” the Iranian foreign ministry said.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, cyberattack)