Albania reports 2nd cyberattack by Iran as US imposes sanctions
Police guard outside the Iranian Embassy in Tirana, Albania, Sept. 8, 2022. (AP Photo)


One of Albania's border systems was hit by a cyberattack that came from the same Iranian source as an earlier attack that led the country to break diplomatic relations with Iran, the Albanian Interior Ministry said Saturday.

It said in a statement that the previous evening an Albanian police transmitting system was found to be "under a cyberattack similar to the one that (government portal) e-Albania suffered in July."

"Preliminary results show the attack was committed by the same hand," the statement said, adding that authorities temporarily closed down all the systems, including the Total Information Management System (TIMS), which records entries and exits at the border crossing. Local media reported long queues in at least two border crossings in the south.

Albania, a NATO member, cut diplomatic ties with Iran and expelled its embassy staff this week. It was the first known case of a country cutting diplomatic relations over a cyberattack.

"Another cyberattack from the same aggressors already exposed and denounced by Albania’s allies and friendly countries, was seen last evening on the TIMS system," Prime Minister Edi Rama tweeted on Saturday, adding that officials are coordinating defensive work with allies.

The Albanian government has accused Iran of carrying out the July 15 attack, which temporarily shut down numerous Albanian government digital services and websites.

Microsoft, the FBI and other cyber experts helped Albania following the July attack. Microsoft said in a blog post Thursday that it was moderately confident the hackers belong to a group that has been publicly linked to Iran’s Ministry of Intelligence and Security.

The U.S. government on Friday imposed sanctions on Iran’s intelligence agency and its leadership in response to the attack on Albania. NATO and the European Union also denounced the attack and supported Albania’s move.

The U.S. Treasury Department said in a statement that Iran's Ministry of Intelligence directs several networks of cyber threat actors, including those involved in cyber espionage and ransomware attacks in support of the Iranian government.

"We will not tolerate Iran’s increasingly aggressive cyber activities," Treasury Under Secretary for Terrorism and Financial Intelligence Brian Nelson said in the statement.

The ministry was already designated under U.S. sanctions.

Iran has disregarded "norms of responsible peacetime state behavior in cyberspace," U.S. Secretary of State Antony Blinken added in a statement.

Iran rejected the sanctions as ineffective and politically motivated.

"Like previous illegal U.S. sanctions against the Ministry of Intelligence, this new label will never be able to create the slightest hinder in the determination of the Iranian people's security servicemen in this proud institution," Iran's Foreign Ministry Spokesperson Nasser Kanaani said.

"The announcement of immediate U.S. support for the Albanian government's false accusation against Iran ... clearly shows that it is the U.S. government that has designed this scenario against Iran," Iranian state media quoted Kanaani as saying.

Microsoft, whose cybersecurity research team helped investigate the incident, said in a blog post on Thursday that the Iranian cyber operation involved a combination of digital espionage techniques, data wiping malware and online information operations. The goal of the hackers, according to researchers, appeared to be to embarrass Albanian government officials.