Updated on 2022-09-23: Hackers Lurked in Albanian Government Network for More Than a Year
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have published a national cyber awareness alert about Iranian state-sponsored hackers’ attacks against the Albanian government’s network. The report details how long after initial access each phase of the activity began; the encryption and wiper attacks were launched more than a year after the attackers first gained access to the network.
Note
- Dwell time continues to vex cyber defenders. The mitigations in the CISA alert go beyond segmentation and MFA; make sure you have looked at all of them, not only to reduce the likelihood of compromise but also to ensure your defenders can detect, block and remediate when the breach comes.
- It would be naive and dangerous to assume, post SolarWinds, that one does not have “lurkers.” Think “zero trust,” and at a minimum network segmentation, to limit the damage they can do.
Read more in
- Alert (AA22-264A) Iranian State Actors Conduct Cyber Operations Against the Government of Albania
- CISA, FBI Detail Iranian Cyberattacks Targeting Albanian Government
- Iranian Hackers Accessed Albania’s Network for 14 Months
Updated on 2022-09-22: HomeLand Justice IOCs
CISA and the FBI published a joint report [PDF] on Wednesday with indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by “HomeLand Justice,” the name used by the Iranian hackers in their attack against the Albanian government. The joint report confirmed a similar analysis published by Microsoft earlier this month, which found that the Iranian hackers had gained access to the Albanian government’s network in May 2021, roughly 14 months before their destructive attack in July 2022. Read more: Microsoft investigates Iranian attacks against the Albanian government
Updated on 2022-09-21
The FBI and CISA stated that the Iranian hackers behind the attack on the Albanian government’s networks lurked in the systems for around 14 months. Read more: FBI: Iranian hackers lurked in Albania’s govt network for 14 months
Overview
Gag order in Albania
The Albanian government has put a gag order on local press to prevent them from reporting any stories sourced from documents that were stolen and recently leaked by Iranian hackers. Read more: Gag order issued to stop release of information stolen by hackers
Albania cuts ties with Iran
Tirana no longer has diplomatic ties with Tehran after expelling Iran’s embassy over a major cyberattack some two months ago that the southeastern European country blames on Iran, per the Associated Press. Albania’s government websites were taken down by the attack. Iran denied any involvement, even though Microsoft, Mandiant, the White House and the U.K.’s Foreign Office have all attributed the attack to Iran. The cyberattack is likely linked to Albania’s sheltering of 3,000 Iranian dissidents. Albania is a NATO member, but Article 5 (an attack on one is an attack on all) has not been invoked; the only time it has ever been invoked was following the 9/11 attacks in 2001. The White House nonetheless vowed unspecified retaliation for the hack-and-leak operation.
Read more in
- Albania cuts diplomatic ties with Iran over July cyberattack
- Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
- Statement by NSC Spokesperson Adrienne Watson on Iran’s Cyberattack against Albania
- UK condemns Iran for reckless cyber attack against Albania