2 years ago
22
ARTICLE AD BOX
By David Gritten
BBC News
Image source, Reuters
Albania has ordered Iranian diplomats and embassy staff to leave within 24 hours
Albania has severed diplomatic ties with Iran and ordered Iranian embassy staff to leave, accusing it of orchestrating a major cyber-attack.
Prime Minister Edi Rama said a probe had found "incontrovertible evidence" that Iran "hired four groups to mount the attack on Albania" on 15 July.
The hackers tried to paralyse public services, delete and steal government data, and incite chaos, he added.
Mr Rama described Albania's response as "extreme... but entirely forced on us".
The United States said it strongly condemned the cyber-attack on a Nato ally and vowed to hold Iran accountable for actions that threatened Albania's security and "set a troubling precedent for cyber-space".
There was no immediate comment from the Iranian government. But relations between Tirana and Tehran have been tense since Albania offered asylum to thousands of Iranian dissidents nine years ago.
Mr Rama said the goal of the hacking groups had been "the destruction of the digital infrastructure of the government of the Republic of Albania, as well as the theft of data and electronic communications of governments systems".
But he added: "The said attack failed its purpose... All systems came back fully operational and there was no irreversible wiping of data."
The prime minister nevertheless said the Albanian government's decision to sever diplomatic relations with Iran was "proportionate to the seriousness and danger posed by the cyber-attack".
US National Security Council spokesperson Adrienne Watson said American experts had also concluded that Iran "conducted this reckless and irresponsible cyber-attack" and that it was "responsible for subsequent hack and leak operations".
Iran's conduct, she warned, "disregards norms of responsible peacetime state behaviour in cyber-space", including one on refraining from damaging critical infrastructure providing public services.
Earlier this month, US cyber-security firm Mandiant said it had concluded "with moderate confidence" that "one or multiple threat actors who have operated in support of Iranian goals" were involved in the attack.
Mandiant noted that the disruption had come days before the start of a conference in Albanian town of Manez that was affiliated with the exiled Iranian opposition group Mujahideen-e-Khalq (MEK). The event was subsequently postponed following warnings of "terrorist" threats.
The firm likewise cited a video featuring the Albanian residence permits of purported MEK members that was posted on the Telegram channel used by a group named "HomeLand Justice" to claim credit for the cyber-attack.
It said a ransomware sample also included the text: "Why should our taxes be spent on the benefit of DURRES terrorists?" Manez is a town in the Durres County and is the location of a camp where about 3,000 MEK members have been allowed to live since 2013 at the request of the US and United Nations.
English (US)