Cybersecurity

US condemns ‘unprecedented’ Iranian cyberattack against Albania

The U.S. National Security Council (NSC) on Wednesday called for Iran to be held accountable for an “unprecedented” cyberattack it said the country committed against Albania in July. 

NSC spokesperson Adrienne Watson said in a release the United States condemns Iran’s actions and plans to hold Iran accountable for threatening the security of an ally and setting a “troubling precedent” for cyberspace. 

A cyberattack temporarily shut down multiple Albanian government digital services and websites on July 15. Prime Minister Edi Rama said in a statement addressed to the Albanian people on Wednesday that an investigation confirmed “without a shadow of a doubt” that the attack was not conducted by individuals or independent criminal organizations, but state-sponsored group. 

Rama said investigators reviewed “indisputable” evidence that Iran ordered the attack and engaged four groups that conducted it, including one that has previously launched cyberattacks on Israel, Saudi Arabia, the United Arab Emirates, Kuwait and Cyprus. 

He said Albania has cut diplomatic relations with Iran effective immediately and ordered all diplomatic, technical, administrative and security staff at the Iranian embassy to leave within 24 hours. 


Watson said the U.S. government has been working alongside private sector partners for weeks to support Albania’s efforts to recover from and investigate the attack. Albania is an ally of the U.S. as a member of NATO. 

Watson said Iran’s conduct ignores established peacetime norms of a state refraining from damaging infrastructure that provides a service to the public. 

“Malicious cyber activity by a State that intentionally damages critical infrastructure or otherwise impairs its use and operation to provide services to the public can have cascading domestic, regional, and global effects; pose an elevated risk of harm to the population; and may lead to escalation and conflict,” she said. 

Rama said damages from the attack are minimal as all systems returned fully operational and no irreversible wiping of data occurred.