In July 2022 Albania was hit by a severe cyber-attack targeting government systems. The attack is claimed of such magnitude that it could have wiped out large parts of Albanian critical infrastructure. After the attack, Albania cut its diplomatic ties with Iran. On September 10th, Albania reported a second attack, targeting systems of the police and the traveller information management system. The motives of the attacks trace back to 2014 when Albania provided a safe haven for the Iranian opposition group Mojahedin-e-Khalq (MEK). Hence, an acceleration in the already tense relationship between the states is prevalent. Further, the countermeasures conducted by the NATO-supported Albanian government, cutting its diplomatic ties, may point to a shift in the perception of hostile cyber operations between states in peacetime.
KJ1: It is highly likely that the number of cyber attacks between Iran and Albania will increase in the next 6 months.
- The MEK conducted several offensive cyber operations targeting the Iranian government. Among them, is the hacking of Iranian websites on November 24th 2021 spreading the message “death to Khamenei – greetings to Rajavi” [source].
- As the MEK is claimed to act as a proxy for Iranian opponents [source], the organisation may be utilised to spur further the ongoing protests among the Iranian domestic opposition [source; source].
- The sole raison d’être of the MEK is to overthrow the Iranian supreme leader, Ayatollah Khomeini [source]. Hence, provocations and spreading of anti-regime material is an integral part of its modus operandi [source].
The September 10th attack was of minor severity than the July attack [source; source].
KJ2: It is likely that the magnitude of conducted hostile cyber operations between Iran and Albania will decrease in the next 6 months.
- When detected, the intrusions in Albanian government systems were rapidly and effectively mitigated [source].
- According to the Federal Bureau of Investigation (FBI), until the July attack, the Iranian perpetrators had access to the Albanian systems for at least 14 months [source].
- In a statement on September 7th, Iran denied involvement in any hostile activity targeting Albania [source].
- During the Regional Summit of Brdo-Brijuni Leaders in Slovenia on September 12th, Albanian president Bajram Begaj appealed to the European Union to speed up the country’s integration process with reference to the Iranian cyber hostilities [source].
- On September 15th The United States imposed further sanctions on Iran following the September 10th attack [source].
At a meeting in Tirana, Albania on September 21st, NATO affirmed support for its allies facing cyber threats [source].
KJ3: It is likely that NATO members targeted by cyber-attacks will trigger diplomatic fallout in the next 6 months.
- US President Joseph Biden repeatedly indicated a shift in attitude on large-scale cyber-attacks targeting NATO members and could trigger more aggressive responses [source; source].
- Albania and the United States’ responses will serve as a signal to Russia’s hostile cyber operations targeting states in peacetime [source].
- On September 7th, Albania cut diplomatic ties with Iran forcing Iranian diplomats to leave the country within 24 hours [source].
Intelligence Cut-Off date: October 5, 2022