Iran-Albania cyber attack

US Treasury imposes sanctions on Iran’s intelligence ministry over Albania cyberattack

The U.S. Treasury Department has imposed sanctions on Iran’s Ministry of Intelligence and Security (MOIS) and its intelligence minister over Albania’s cyberattack.

The U.S. Treasury Department has announced sanctions on Iran’s Ministry of Intelligence and Security (MOIS) and its intelligence minister in response to a cyberattack that hit Albania in July.

MOIS is the main intelligence agency of the Islamic Republic of Iran and a member of the Iranian intelligence community. It is also known as VAJA, formerly known as VEVAK (Vezarat-e Ettela’at va Amniyat-e Keshvar) or MOIS.

Since at least 2007, MOIS has coordinated a series of cyber operations against government entities and private organizations around the world. In January, U.S. Cyber ​​Command formally linked the Iran-linked MuddyWater APT group, also known as SeedWorm and TEMP.Zagros, to Iran’s Ministry of Intelligence and Security (MOIS).

“Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Iran’s Ministry of Intelligence and Security (MOIS) and its Intelligence Secretary to engage in cyber activities against the United States and its allies.” Read the U.S. Treasury Department press release. “In July 2022, a cyber threat actor assessed as sponsored by the Iranian government and MOIS compromised the computer systems of the Albanian government, forcing the government to suspend online public services for its citizens.”

“Iran’s cyberattack on Albania disregards peacetime norms of responsible state conduct in cyberspace, which includes norms to avoid disrupting critical infrastructure that serves the public,” said Bryant, Treasury Undersecretary for Terrorism and Financial Intelligence Ann E. Nelson said. “We will not tolerate Iran’s increasingly aggressive cyber activity against the United States or our allies and partners.”

Albania’s Prime Minister Edi Rama announced this week that Albania had severed diplomatic relations with Iran and expelled the country’s embassy staff following a massive cyberattack that hit the country in mid-July.

The cyber attack hit the servers of the National Information Society (AKSHI), which handles many government services. Most public-facing desktop services were disrupted, and only a few essential services (such as online tax filing) worked because they were served from non-targeted servers. Albania reported the attack to NATO members and other allies.

According to a statement released by the government, the damage may be considered insignificant compared to the threat actor’s target.

The country’s embassy staff were asked to leave Albany within 24 hours.

The US government issued a statement condemning Iran’s attack on Albania.

“The United States strongly condemns Iran’s cyberattack against our NATO ally Albania. We join Prime Minister Rama in calling on Iran to be held accountable for this unprecedented cyber incident. The United States will take further action to hold Iran accountable for actions that threaten the safety of our ally and Setting a troubling precedent for cyberspace,” said National Security Council spokeswoman Adrienne Watson. “We have come to the conclusion that the Iranian government carried out this reckless and irresponsible cyber attack and it is responsible for the subsequent hacking and leaks.”

Relations between Albania and Iran have soured since the Tirana government offered asylum to thousands of Iranian dissidents.

NATO and the UK have also formally blamed the Iranian government for the cyberattack against Albania.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(security affairs Hacking, Albania Cyber ​​Attack)

Leave a Comment

Your email address will not be published.