Albanian parliament, telecom company hit by cyberattacks

Jason Macuray
The Albanian parliament and a telecom company operating in the country were targeted by cyberattacks this week, the country’s cyber agency said in a statement.

According to the agency, the attacks originated from outside Albania and the country’s tech experts “are currently working to recover the affected systems and analyze the tactics and techniques used by the threat actors involved in the attacks.”

Earlier this week, local media reported that during the attack on the parliament, hackers attempted to interfere with the infrastructure and delete data but were unsuccessful.

The attack hasn’t been attributed to a specific threat actor and the Albanian parliament did not respond to a request for comment by the time of publication.

On Monday, the Iran-linked hacker group known as Homeland Justice claimed responsibility for the cyberattack on the Albanian parliament, as well as two local telecom companies and Albania’s flag carrier.

In a post on Telegram, the hackers claimed to have stolen data from the targeted systems, warning their victims to “expect the worst.” The group’s claims could not be independently verified and the targeted companies have not responded to a request for comment.

The attacks are a possible retaliation for Albania sheltering members of the Iranian opposition group Mujahedeen-e-Khalq, or MEK, in the Albanian county of Durrës — the hackers named their campaign “Destroy Durres Military Camp.”

In a statement sent on Tuesday to The Associated Press, MEK’s media spokesperson Ali Safavi claimed the reported cyberattacks in Albania “are not related to the presence or activities” of MEK members in the country.

Earlier in July, Albania suffered a major cyberattack attributed to Iran that forced the country to close access to online public services and other government websites. Homeland Justice hackers claimed responsibility for that attack as well.

Researchers at Mandiant, who analyzed the attack, said that they didn’t have enough evidence to link the attack to this specific threat actor, but said they have “moderate confidence” that one or multiple Iran-linked groups were involved in the operation.

Two months after the attack, Albania severed diplomatic ties with Tehran in response, while the U.S. imposed sanctions on Iran’s primary intelligence agency.

“We will not tolerate Iran’s increasingly aggressive cyber activities targeting the United States or our allies and partners,” said the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) in a statement.

In September, Albania reported that hackers linked to Iran’s government targeted computer systems used by the national police to track individuals entering and leaving the country. The attack prompted authorities to shut down computer control systems at border crossings and airports.

A spokesman for the Iranian Ministry of Foreign Affairs denied at that time that the country had been involved in any attack targeting Albania, calling the accusations “baseless” and “unproven.”

Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.