The government of Albania announced on Wednesday that it was severing diplomatic ties with Iran, after an investigation found the Iranian government to have been responsible for a series of cyberattacks on the NATO member that took place in July.
In a recorded speech, Prime Minister Edi Rama said Albania’s Council of Ministers had decided to sever diplomatic ties with immediate effect, adding that the Iranian embassy in Tirana had been formally notified that it had 24 hours for all Iranian diplomats and embassy personnel to depart Albania.
While Rama described the move as “extreme”, he said that it was “fully proportionate to the gravity and risk of the cyberattack”, which targeted Albanian government cyber infrastructure.
According to Rama, Tehran had orchestrated the attack by hiring four hacker groups to carry out the cyberattacks, claiming that one of them was a “notorious” cyber terror group that had previously been involved in cyberattacks against Israel, Saudi Arabia, the United Arab Emirates, Jordan, Kuwait and Cyprus.
The Prime Minister claimed that the goal of the cyberattacks was the “destruction of the digital infrastructure of the government of the Republic of Albania, as well as the theft of data and electronic communications of governments systems”. However, they failed, as according to him “all systems came back fully operational and there was no irreversible wiping of data”.
Following the publication of Rama’s speech, the United States and United Kingdom issued statements condemning Iran for the cyberattack. The UK’s National Cyber Security Centre assessed that Iranian state-linked cyber actors were “almost certainly” responsible for the attack, with Foreign Secretary James Cleverly saying “Iran’s reckless actions showed a blatant disregard for the Albanian people”.
White House National Security Council spokesperson Adrienne Watson stated that the United States had found Iran to be responsible for hack and leak operations conducted in the wake of the “reckless and irresponsible” cyberattack. In addition to helping Albanian long-term efforts to remediate the damage caused, Watson added that the United States would “take further action to hold Iran accountable for actions that threaten the security of a U.S. ally and set a troubling precedent for cyberspace”.
US cybersecurity firm Mandiant had stated in early August that it had “moderate confidence” that the “HomeLand Justice” group claiming responsibility for the attack had links to Iran. Mandiant noted that while it did not have evidence directly linking the group to the Iranian government, the malware used featured commonalities with other malware previously used against Iranian dissidents, while HomeLand Justice’s messaging specifically targeted members of the Mujahideen-e-Khalq (MEK) in Albania, a militant movement opposed to the Iranian government.
The MEK started as one of the groups opposed to Shah Mohammad Reza Pahlavi during the Iranian Revolution, but fell out of favor soon after the Shah’s overthrow and was forced into exile, even fighting for Iraq during the Iran-Iraq war. While the MEK’s extreme control of members’ personal lives (to the point of banning marriage or romantic relationships by members) has caused it to be described as a cult, the MEK enjoyed close ties with the previous White House administration, with senior administration figures like John Bolton and Rudy Giuliani making prominent appearances at MEK events.
Albania accepted the resettlement of around 3,000 members of the MEK in 2013, with members previously in Iraq relocated to Albania. The organization has subsequently hosted its Free Iran conferences in Albania, with this year’s edition canceled ahead of its scheduled date in July following a series of threats.