The Albanian government has ordered Iranian diplomats to leave the country. Albania’s decision is possibly the strongest public response to a cyberattack in history. Last month, cybersecurity firm Mandiant published its findings on the cyberattack. Mandiant said it had “moderate confidence that one or multiple threat actors who have operated in support of Iranian goals are involved.” The U.S. National Security Council has strongly condemned Iran for the cyberattack, and has voiced support for Albania’s decision. Meanwhile, the Iranian foreign ministry described Albania’s claims as baseless, calling the NATO member’s decision an “illogical action in international relations.”
Iranian Diplomats Have 24 Hours to Leave Albania
Prime Minister Rama said that, following its investigations, the Albanian government concluded that Iran was behind the cyberattack. Iran forced Albania to take such an extreme decision, he said. All Iranian embassy staff, diplomats, and security personnel have been ordered to leave the country within 24 hours. “The government has decided with immediate effect to end diplomatic relations with the Islamic Republic of Iran,” Albanian Prime Minister Edi Rama stated. “The deep investigation put at our disposal undeniable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran which had involved four groups for the attack on Albania,” he added. “This extreme response … is fully proportionate to the gravity and risk of the cyberattack that threatened to paralyse public services, erase digital systems and hack into state records, steal government intranet electronic communication and stir chaos and insecurity in the country.”
Details of the July 15 Cyberattack
Relations between Albania and Iran turned sour in 2014, after Albania allowed approximately 3000 members of the exiled Iranian opposition group Mujahideen-e-Khalq (MEK) to settle within its borders. Iran described the organization as an anti-Iran terrorist group. The July cyberattack took place a few days before the start of an MEK-affiliated conference. According to Mandiant, the attackers deployed ransomware and wiper malware on several government websites and services platforms. Prime Minister Rama said the aim of the attack was to paralyze government systems, steal data, and incite chaos. “The said attack failed its purpose… all systems came back fully operational and there was no irreversible wiping of data,” Rama said.
U.S. Supports Albania’s Decision
The U.S. National Security Council issued a statement in support of the Albanian government’s decision. “The United States strongly condemns Iran’s cyberattack,” spokeswoman Adrienne Watson stated. “We join in Prime Minister Rama’s call for Iran to be held accountable for this unprecedented cyber incident.” “The United States will take further action to hold Iran accountable for actions that threaten the security of a US ally and set a troubling precedent for cyberspace,” Watson added. The Iranian foreign ministry has branded Albania’s move as illogical. Iran questioned the United States’ role in Albania’s decision. It said the immediate statements from the U.S. government and “organized media” point to a pre-fabricated plan against Iran. “The type of action and the third parties’ role in making and paying these claims against the Islamic Republic of Iran show the influence of the countries supporting terrorism and sedition,” the Iranian government said in a statement. The incident also points to an unnerving rise in cyberattacks against critical government infrastructure. Montenegro, another NATO member, saw disruptions to its government’s digital infrastructure in August. Montenegro believes that Russia had a hand in the cyberattacks.