A leading US cybersecurity firm said Thursday that a cyberattack that temporarily shut down numerous Albanian government digital services and websites in mid-July was carried out by Iran-backed hackers.
Cybersecurity firm Mandiant expressed “moderate confidence” the attackers were acting in support of Tehran’s efforts to disrupt a conference of the exiled Albania-based opposition group Mujahideen-e Khalq (MEK).
In its report, the company said that several factors indicate the attack was carried out by pro-Iran hackers, including the timing, the content of a social media channel used to claim responsibility, and similarities between the software code used and malware long used to target Farsi and Arabic speakers.
On July 18, Mandiant identified a new ransomware family dubbed ROADSWEEP, which drops a politically themed ransom note suggesting it targeted the Albanian government. A group named “HomeLand Justice” claimed credit for the disruptive activity.
“HomeLand Justice” posted a video of the ransomware being executed on its website and Telegram channel, alongside documents purported to be Albanian residence permits of MEK members.
The July 23-24 conference by the dissident group, titled The Free Iran World Summit, was canceled following warnings from local authorities of a possible terrorist threat. The conference was scheduled to be held at Ashraf 3 camp in Manez, 30 kilometers (19 miles) west of Albania’s capital, Tirana, where 3,000 MEK members live. Several US lawmakers were also among the invitees.
In July, Iran's Foreign Ministry sanctioned a group of US officials and lawmakers over their alleged support for the MEK, which Tehran considers a terrorist organization.