US Company: Likely Iranian Threat Actor in Albania Cyberattack

TIRANA, Albania — A cyberattack that temporarily shut down many Albanian government digital services and websites in mid-July was likely the work of pro-Iranian hackers seeking to disrupt an Iranian opposition group’s conference in Albania, it said. a major US cybersecurity company on Thursday.

In a report, Mandiant expressed “moderate confidence” that the attackers were acting to support Tehran’s anti-dissident efforts based on several factors: timing, the content of a social media channel used to claim responsibility and similarities in software code used with malware. long used to target Persian and Arabic speakers.

The July 23-24 conference of the Iranian dissident group Mujahedeen-e-Khalq was indeed canceled following warnings from local authorities of a possible terrorist threat. Some 3,000 Iranian dissidents from the group, better known as the MEK, live at Camp Ashraf 3 in Manez, 30 kilometers (19 miles) west of the Albanian capital, Tirana.

The Free Iran Global Summit was to be held at the camp with US lawmakers among the guests.

A group calling itself “HomeLand Justice” claimed responsibility for the cyberattack, which used ransomware to scramble the data. Ransomware is best known for its use in for-profit criminal extortion, but it is increasingly being used for political purposes, particularly by Iran.

The ‘HomeLand Justice’ claim came on a Telegram channel in which documents purporting to be Albanian residence permits of MEK members were posted, along with a video of the ransomware being activated. The channel alleged corruption in the Albanian government and used hashtags including #Manez.

“This activity poses an active threat to public and private organizations in other NATO member states,” Mandiant said. “As negotiations surrounding the Iran nuclear deal continue to stall, this activity indicates that Iran may feel less restraint in conducting cyber network attack operations in the future.”

At the time, the government in Tirana said the hackers’ method was identical to last year’s attacks in other NATO states, including Germany, Lithuania, the Netherlands and Belgium .

Iran’s mission to the United Nations did not immediately respond to a request for comment on Thursday.

The MEK began as a Marxist group opposing the rule of Shah Mohammad Reza Pahlavi in ​​Iran. He supported the 1979 Islamic Revolution, but soon fell out with Grand Ayatollah Ruhollah Khomeini and turned against his clerical government, leading a series of assassinations and bombings in the Islamic Republic.

The MEK then fled to neighboring Iraq, leading many Iranians to oppose the group. Although now largely based in Albania, the group claims to operate a network inside Iran.


Follow Llazar Semini at

Previous Janhvi Kapoor nervous for dad Boney Kapoor's acting debut; this is what she said
Next DC Fans Make It Very Clear What They Think About Ezra Miller's Flash Movie