London Politica

Albania cuts ties with Iran over alleged cyberattacks. Has Iran extended its reach?

On September 6th Albania cut diplomatic ties with Iran, expelling Iran's embassy staff, over an alleged major cyberattack carried out in mid-July by Tehran against Albanian government websites. According to the Interior Ministry of Albania, the country suffered another cyberattack against its national police apparatus just days after. This is the first instance of a country cutting diplomatic ties over a cyberattack. The incident, however, is further complicated by a decade of alleged United States interference and bitterness between Tirana and Tehran.

The first cyberattack occurred on July 15th, targeting numerous Albanian government and public digital services websites. Almost immediately, Albanian Prime Minister Edi Rama said the attack was a “state aggression” by four state-affiliated groups in Iran. On September 7th, one day after the diplomatic expulsion of Iranian embassy staff from Tirana, the White House released a statement condemning the July attack. In the statement, National Security Council Spokesperson Adrienne Watson calls for Iran to be held accountable and notes how US experts were on the ground to assist Albania in the investigation. Earlier in September, US cybersecurity firm Mandiant concluded “with moderate confidence” that at least one of the actors involved operated in support of Iranian goals. The firm also noted that the attack came days before the start of a conference, which was to take place in Albania, and was affiliated with the exiled Iranian opposition group Mujahedeen-e-Khalq (MEK).

The MEK opposition group is key to understanding why Tehran could be behind these cyberattacks. Iran considers the MEK a terrorist organisation due to a string of bombings, assassinations, and armed assaults in Iran during the Iran-Iraq War of the 1980s. Iran claims MEK is responsible for 17,000 deaths during the war. Since 2013, with the help of US and United Nations forces, around 3,000 MEK members have lived in the Albanian town of Manëz, around 30km from Tirana at Camp Ashraf-3, the headquarters of the MEK. Camp Ashraf-3’s perimeter is lined with Iranian flags and is continuously protected by Albanian private security. MEK has historically been designated a terrorist group by both the US and the European Union but was delisted more than a decade ago after the group renounced violence and was offered shelter in Albania. 

The MEK also played a central role in cybersecurity firm Mandiant's investigation. It was Mandiant who first discovered the connection between MEK and the cyberattacks, in addition to a video featuring the Albanian residence permits of alleged MEK members, posted on Telegram by a group named "HomeLand Justice" to claim credit for the cyberattack. Mandiant's report also noted that a ransomware sample included the text "Why should our taxes be spent on the benefit of DURRES terrorists?" in reference to the Durres county where Manëz is located. 

The Iranian response to these accusations from Albania and the US has been one of denial. Iran's ambassador and permanent representative to the United Nations, Amir Saeed Iravani, noted in a statement to the UN Secretary-General that the allegations are fake and unfounded, turning attention to cyberattacks targeting Iran. Further, the letter states that the very nature of cyberspace allows extra-state entities to pursue political agendas and implicate states, in this case, Iran, in cyberattacks that are completely unrelated. In response to the severing of diplomatic ties, Iran's Ministry of Foreign Affairs claimed that the country's hosting of MEK members indicates Tirana is being influenced by third parties, namely the US. According to the Ministry and Iranian state media, the movement of MEK members from Iraq to Albania decades ago was due to the US wanting to maintain the group's survival in order to sabotage and spy on the Iranian state.

Iran has many motivations to be behind, or at least support, these cyberattacks against Albania. Primarily, targeting Albania before the July MEK conference was a way to distract global attention from the gathering and also played a part in the conference’s cancellation. Reducing global resistance against Iran is of utmost importance to the Islamic Republic, and the first cyberattack reifies this. Similarly, the second cyberattack can be seen as a direct response to the United States’ statement and Tirana’s severing of diplomatic ties with Tehran. As Tehran sees the MEK as directly tied to the Albanian state and US leadership, a secondary cyberattack is a way of confirming Tehran’s long-held sentiment that the US is using the MEK to target Iran. 

Tehran has few wins from pursuing such actions. Apart from temporary gains – increased media attention, the cancelling of the MEK conference, and the temporary disabling of Albanian government infrastructure – there are few significant gains for Iran. However, the alleged attacks are a reach for Tehran’s typical regionally-bound foreign policy that focuses on Middle Eastern allies and neighbouring states. Iran’s foreign reach has also expanded during the Russia-Ukraine war, with Ukraine claiming it encountered an Iranian-made drone used by Russia on a battlefield on 13 September. While Tehran’s continued allyship with Russia is expected, the reach into Albania through these alleged cyberattacks is significant. Yet, the implications of it – the cutting of diplomatic ties and expulsion of embassy staff – are harsh and show that Albania, with the backing of the US, has little patience for Tehran’s attacks against its foes abroad. While the alleged cyberattacks are an alarming reach for Tehran past its traditional battlegrounds into the cyber realm, the repercussions from Albania are likely enough to deter Iran from pursuing further attacks that have serious implications for state infrastructure. Even if Tehran has a solid reason to attack MEK members, the group’s giving up of arms and support by Albania and the US is enough to keep them protected, for the near future, from any further reach by Iran.