Iran calls cyberattack claims 'baseless' after Albania severs ties

The US condemned the Iranian cyberattack against Albania, a NATO ally, warning that it would take action to hold Iran accountable.

Albanian Prime Minister Edi Rama speaks during a joint news conference with NATO Secretary-General Jens Stoltenberg at the alliance's headquarters in Brussels, Belgium, July 13, 2022. (photo credit: REUTERS/JOHANNA GERON)

Albania is ending its diplomatic relations with Iran and has ordered Iranian diplomats and embassy staff to leave within 24 hours, after an investigation into a cyberattack in July found Iran was responsible, Prime Minister Edi Rama said on Wednesday. Iran has called the claims "baseless."

“The government has decided with immediate effect to end diplomatic relations with the Islamic Republic of Iran,” Rama said in a video statement sent to the media.

“This extreme response... is fully proportionate to the gravity and risk of the cyberattack that threatened to paralyze public services, erase digital systems and hack into state records, steal government intranet electronic communication and stir chaos and insecurity in the country,” Rama said.

Police stand guard during an anti-government protest in front of the Parliament in Tirana, Albania May 25, 2019 (credit: REUTERS/FLORION GOGA)

Rama says Iranian attack aimed to destroy Albania's digital infrastructure

According to Rama, Iran attacked Albanian government sites in an attempt to “destroy it, paralyze public services and hack data and electronic communications from the government systems.”

Last month, cybersecurity firm Mandiant estimated that the July attack was conducted by Iran, though Russia was a likely suspect, as noted by a number of US media outlets. The US strongly condemned the cyberattack.

The report by Mandiant noted that “the use of ransomware to conduct a politically motivated disruptive operation against the government websites and citizen services of a NATO member state in the same week an Iranian opposition groups’ conference was set to take place would be a notably brazen operation by Iran-nexus threat actors.”

Mandiant theorized that the attack indicates that Iran “may feel less restraint in conducting cyber network attack operations going forward” and may have “an increased tolerance of risk” when conducting cyberattacks.

Thorough investigations have been conducted to make sure that no irreversible damage was done and to identify the hackers, Rama added. All of the systems are backed up and running.

The attack, which occurred on July 15, was not “an individual operation or concerted action by criminal groups, but a State-sponsored attack,” Rama said, adding that this information matched intelligence from Albanian cybersecurity firms.

“The in-depth investigation provided us with indisputable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran,” Rama said. “It was through the engagements of four groups that enacted the aggression – one of them being a notorious international cyberterrorism group, which has been a perpetrator or co-perpetrator of earlier cyberattacks targeting Israel, Saudi Arabia, UAE, Jordan, Kuwait and Cyprus.”

Rama added that Albania updated NATO with all the information it has.

Iran slams decision to sever ties

The Iranian Foreign Ministry condemned the move by Albania, saying it considered "this country's decision to sever political relations with our country based on such baseless claims to be an ill-considered and short-sighted action in international relations."

The Foreign Ministry claimed that Iran has "principled positions" in cyberspace in multilateral and international forums and is itself targeted by cyberattacks on critical infrastructure.

The ministry also pointed a finger at the US and Israel, stating that "the immediate release of the American government's statement and the reception of this decision by the Zionist media indicate the existence of a prepared plan to create a political atmosphere against the Islamic Republic of Iran."

US condemns attack, calls for action against Iran

The US National Security Council in a statement on Wednesday condemned the Iranian cyberattack against Albania, calling for Iran to be held accountable for “this unprecedented cyber incident.”

NSC Spokeswoman Adrienne Watson said, “The United States will take further action to hold Iran accountable for actions that threaten the security of a US ally and set a troubling precedent for cyberspace.”

The NSC added that the US government has been working on the ground with private-sector partners to help Albania mitigate, recover from and investigate the attack.

“Iran’s conduct disregards norms of responsible peacetime state behavior in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public,” said Watson. “Malicious cyber activity by a state that intentionally damages critical infrastructure or otherwise impairs its use and operation to provide services to the public can have cascading domestic, regional, and global effects; pose an elevated risk of harm to the population; and may lead to escalation and conflict.”