Skip to Content

Albanian cuts ties with Iran

Updated on 2022-09-23: Hackers Lurked in Albanian Government Network for More Than a Year

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have published a national cyber awareness alert about Iranian state-sponsored hackers’ attacks against the Albanian government’s network. The report provides details about the length of time after initial access that various activity commenced; encryption and wiper attacks were launched more than a year after the attackers first accessed the network.


  • Dwell time continues to vex cyber defenders. Mitigations in the CISA alert go beyond segmentation and MFA; make sure that you’ve looked at all the areas, not only to reduce the likelihood of compromise but also empowered your defenders to detect, block and remediate when the breach comes.
  • It would be naive and dangerous to assume that, post SolarWinds, that one does not have “lurkers.” Think “zero trust,” at a minimum network segmentation, to resist the damage they might do.


Updated on 2022-09-22: HomeLand Justice IOCs

CISA and the FBI have published a joint report [PDF] on Wednesday with indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by “HomeLand Justice,” the name used by the Iranian hackers in their attack against the Albanian government. The joint report confirmed a similar analysis published by Microsoft earlier this month, which said that the Iranian hackers gained access to the Albanian government’s network a year prior to their attack in May 2021. Read more: Microsoft investigates Iranian attacks against the Albanian government

Updated on 2022-09-21

The FBI and the CISA stated that the Iranian hackers behind the attack on the Albanian government networks lurked in the systems for around 14 months. Read more: FBI: Iranian hackers lurked in Albania’s govt network for 14 months


Gag order in Albania

The Albanian government has put a gag order on local press to prevent them from reporting any stories sourced from documents that were stolen and recently leaked by Iranian hackers. Read more: Gag order issued to stop release of information stolen by hackers

Albanian cuts ties with Iran

Tirana no longer has diplomatic ties with Tehran after expelling its embassy over a major cyberattack some two months ago that the southeastern European country blames on Iran, per the Associated Press. Albania’s government websites were downed by the attack. Iran denied any involvement, despite Microsoft, Mandiant, the White House and the U.K.’s Foreign Office pointing their collective fingers all at Iran. The cyberattack is likely linked to Albania’s sheltering of 3,000 Iranian dissidents. Albania is a NATO member, but Article 5 — an attack on one is an attack on all — has not been invoked. The only time it was invoked was following the 9/11 attacks in 2001. But the White House did say it vowed unspecified retaliation for the hack and leak operation regardless.


    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on