Albania has accused Iran of a second cyberattack that disrupted computer systems used by Albanian state police, forcing officials to temporarily shut down the Total Information Management System (TIMS), a system for tracking the data of those entering and leaving Albania.
Albanian Prime Minister Edi Rama said in a tweet that the latest hack, which occurred last Friday, was the work of the “same aggressors” responsible for the July cyberattack that disrupted Albanian government services and websites and was attributed to Iranian hackers. Following the cyber incident, Albania severed diplomatic relations with Tehran.
The news comes just days after the US Treasury Department’s Office of Foreign Assets Control (OFAC) imposed new sanctions on Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence Esmail Khatib for conducting cyber activities against the US and its allies.
“Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector organizations around the world and across various critical infrastructure sectors,” the agency said in a statement. “In July 2022, cyber threat actors assessed to be sponsored by the Government of Iran and MOIS disrupted Albanian government computer systems, forcing the government to suspend online public services for its citizens.”
In a technical analysis of the July attack released last week, Microsoft said the attackers likely gained access to the Albanian government’s networks in May 2021 through a known vulnerability (CVE-2019-0604) in an unpatched Microsoft SharePoint Server. According to the tech giant, as many as four Iranian threat actors took part in this attack:
- DEV-0861 (a subset of APT34 aka OilRig or Europium) gained initial access and exfiltrated data
- DEV-0842 deployed the ransomware and wiper malware
- DEV-0166 exfiltrated data
- DEV-0133 probed victim infrastructure
All four of the threat actors are affiliated with Iran’s Ministry of Intelligence and Security, Microsoft said.