Iran Accuses US Of Using Opposition Group For Cyberattacks

The United States Treasury Department Friday sanctioned Iran’s intelligence ministry and intelligence minister Esmail Khatib for alleged cyber operations against the US and its allies.

The sanctions were announced two days after Albania, a NATO member since 2009, broke off diplomatic relations with Iran alleging that Tehran was behind the disruption of Albanian government computer systems in mid-July.

“The US immediate support for Albania’s baseless accusation against Iran and Washington’s prompt action to repeat sanctions relying on the undocumented accusation against the Ministry of Intelligence indicate clearly that the maker of the scenario is not the Albanian government but the American administration,” the spokesman said.

Kanaani accused the United States of forcing Albania to host a “known terrorist cult”, MEK, on the government and people of Albania.

Kanaani added that the Islamic Republic would do everything within the framework of international laws to “fulfil the rights of its people and defend itself against sinister plots.”

In a new blog post September 8, Microsoft said its Security Threat Intelligence has assessed that the perpetrators of the cyberattack on Albania were a subgroup of Iranian threat actors.

“Microsoft assessed with high confidence that on July 15, 2022, actors sponsored by the Iranian government conducted a destructive cyberattack against the Albanian government, disrupting government websites and public services,” adding that Microsoft security intelligence assesses that a separate Iranian state-sponsored actor leaked sensitive information that had been exfiltrated months earlier through various websites and social media outlets.

“Microsoft assessed with moderate confidence that the actors involved in gaining initial access and exfiltrating data in the attack are linked to EUROPIUM, which has been publicly linked to Iran’s Ministry of Intelligence and Security (MOIS),” Microsoft said.

According to Microsoft, attackers were observed operating out of Iran and used tools and a wiper code previously used by other known Iranian attackers with a history of targeting other sectors and countries that are consistent with Iranian interests.

The messaging and target selection, according to Microsoft, indicate Tehran likely used the attacks as retaliation for cyberattacks it perceives were carried out by Israel and the MEK. The cyberattacks on Albania “closely mirrored the messaging used in cyberattacks against Iran, a common tactic of Iranian foreign policy suggesting an intent to signal the attack as a form of retaliation.”

“The messages in the information operations also emphasized targeting of corrupt government politicians and their support for terrorists and an interest in not harming the Albanian people. Similarly, the attack on Iranian steel companies claimed to target the steel factories for their connections to the Islamic Revolutionary Guard Corps (IRGC) while avoiding harm to Iranians.”

Iran's state radio and television channels, government organizations, and infrastructures including the railway and fuel distribution systems, and prison security camerashave also been targeted by hacker groups in the past two years.

The television hacking in January included the appearance of supportive images of MEK leaders but MEK denied any involvement in the incident.