An Attack on Albanian Government Suggests New Iranian Aggression

4 days ago 35

In mid-July, a cyberattack on the Albanian government knocked out state websites and public services for hours. With Russia’s war raging in Ukraine, the Kremlin might seem like the likeliest suspect. But research published on Thursday by the threat intelligence firm Mandiant attributes the attack to Iran. And while Tehran’s espionage operations and digital meddling have shown up all over the world, Mandiant researchers say that a disruptive attack from Iran on a NATO member is a noteworthy escalation.

The digital attacks targeting Albania on July 17 came ahead of the “World Summit of Free Iran,” a conference scheduled to convene in the town of Manëz in western Albania on July 23 and 24. The summit was affiliated with the Iranian opposition group Mujahideen-e-Khalq, or the People’s Mojahedin Organization of Iran (often abbreviated MEK, PMOI, or MKO). The conference was postponed the day before it was set to begin because of reported, unspecified “terrorist” threats.

Mandiant researchers say that attackers deployed ransomware from the Roadsweep family and may have also utilized a previously unknown backdoor, dubbed Chimneysweep, as well as a new strain of the Zeroclear wiper. Past use of similar malware, the timing of the attacks, other clues from the Roadsweep ransomware note, and activity from actors claiming responsibility for the attacks on Telegram all point to Iran, Mandiant says.

“This is an aggressive escalatory step that we have to recognize,” says John Hultquist, Mandiant’s vice president of intelligence. “Iranian espionag...

Read Entire Article