Home Business US firm: Likely Iranian threat actor in Albania cyberattack

US firm: Likely Iranian threat actor in Albania cyberattack

7 min read
Comments Off on US firm: Likely Iranian threat actor in Albania cyberattack

Article content

TIRANA, Albania (AP) — A cyberattack that temporarily shut down numerous Albanian government digital services and websites in mid-July was likely the work of pro-Iranian hackers seeking to disrupt an Iranian opposition group’s conference in Albania, a leading U.S. cybersecurity firm said Thursday.

In a report, Mandiant expressed “moderate confidence” the attackers were acting in support of Tehran’s anti-dissident efforts based on several factors: The timing, the content of a social media channel used to claim responsibility, and similarities in software code used with malware long used to target Farsi and Arabic speakers.

Advertisement 2

Article content

The July 23-24 conference by the Iranian dissident group Mujahedeen-e-Khalq was in fact canceled following warnings from local authorities of a possible terrorist threat. Some 3,000 Iranian dissidents from the group, best known as MEK, live at Ashraf 3 camp in Manez, 30 kilometers (19 miles) west of Albania’s capital, Tirana.

The Free Iran World Summit was to have been held at the camp with U.S. lawmakers among the invitees.

A group calling itself “HomeLand Justice” claimed credit for the cyberattack, which used ransomware to scramble data. Ransomware is best known for its use in for-profit criminal extortion but is being increasingly wielded for political ends, particularly by Iran.

The claim by “HomeLand Justice” came on a Telegram channel in which documents purported to be Albanian residence permits of MEK members were posted, along with video of the ransomware being activated. The channel alleged corruption in the Albanian government and used hashtags including #Manez.

Advertisement 3

Article content

“This activity poses an active threat to public and private organizations in other NATO member states,” Mandiant said. “As negotiations surrounding the Iran nuclear deal continue to stall, this activity indicates Iran may feel less restraint in conducting cyber network attack operations going forward.”

At the time, the Tirana government said the hackers’ method was identical with attacks last year in other NATO states including Germany, Lithuania, the Netherlands and Belgium.

The MEK began as a Marxist group opposing the rule of Shah Mohammad Reza Pahlavi in Iran. It supported the 1979 Islamic Revolution, but soon had a falling out with Grand Ayatollah Ruhollah Khomeini and turned against his clerical government, carrying out a series of assassinations and bombings in the Islamic Republic.

The MEK later fled into neighboring Iraq, leading many in Iran to oppose the group. Although now largely based in Albania, the group claims to operate a network inside Iran.

Follow Llazar Semini at https://twitter.com/lsemini



Postmedia is committed to maintaining a lively but civil forum for discussion and encourage all readers to share their views on our articles. Comments may take up to an hour for moderation before appearing on the site. We ask you to keep your comments relevant and respectful. We have enabled email notifications—you will now receive an email if you receive a reply to your comment, there is an update to a comment thread you follow or if a user you follow comments. Visit our Community Guidelines for more information and details on how to adjust your email settings.

Source link

Load More Related Articles
Load More By James Tisdale
Load More In Business
Comments are closed.

Check Also

McDonald’s Hikes Japanese Menu Prices on Plunging Yen, Inflation

Article content (Bloomberg) — McDonald’s Holdings Co. Japan will raise menu prices for the…