Albania Ends Diplomatic Ties With Iran Over Cyber Attack Damaging Critical Infrastructure

Sep 19, 2022

Albania and Iran have had strained relations for some years now, chiefly due to Albania setting up a semi-permanent camp for Iranian dissidents who were banished from that country.

Diplomatic ties have now been formally dissolved as a cyber attack campaign attributed to Iran did damage to critical infrastructure and government websites in Albania.

While it might seem to be a relatively minor regional conflict given other world events at present, this is the first known case of a complete break in diplomatic ties over a cyber attack. Some level of cyber espionage is tacitly expected between nations, sometimes even between those that are formally allies, but countries are showing an increasing willingness to draw firm lines when these incidents cross over into cyber attacks that do real world damage.

Damaging cyber attack on Albania plays havoc with government websites, services

The cyber attack, which took place in mid-July, has been attributed to Iran’s state-backed hacking groups by the United States; the US and other NATO allies were called upon by Albania due to the severity of the attack and the need for investigative assistance.

Albania says that the primary focus of the cyber attacks was to expose information on the dissidents that it is providing safe harbor to, with scans of their residence permits stolen and published on a Telegram channel run by the attackers. Ransomware also appears to have been deployed fairly broadly, however, and took some government websites offline for some time. The Albanian government says that the attackers also tried to use ransomware against assorted public services but were thwarted in the attempt.

Perhaps the most direct form of damage caused by the cyber attack was the cancellation of the Free Iran World Summit, a conference scheduled for late July that would have included representatives from the US government among its attendees. Iran and the US have not had diplomatic ties of their own for decades, and Iran’s hackers have been accused of election interference in recent years (and are expected to make further attempts in November).

New precedent set for severing diplomatic ties?

Albania waited nearly two months to take this action, letting an investigation led by the FBI and US intelligence play out before making the call to sever diplomatic ties with Iran. But once the decision was made, Iran’s embassy was given just 24 hours to clear out and staff was required to exit the country.

Though the attack involved ransomware, there did not appear to be any intent by the attackers to extort money from Albania. The ransomware used was modified to simply wipe data, and included code indicating that it was aimed at harming the Iranian dissidents living in the country.

Iran has denied its involvement despite the evidence presented by the US and additional attribution by Microsoft’s security team. The US government seems certain in its findings, calling the attack irresponsible and expressing concern about the precedent it could set in damaging diplomatic ties between nations during peacetime.

