Security News > 2022 > August > Iranian Hackers Likely Behind Disruptive Cyberattacks Against Albanian Government
A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July 2022.
Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "Geographic expansion of Iranian disruptive cyber operations."
The July 17 attacks, according to Albania's National Agency of Information Society, forced the government to "Temporarily close access to online public services and other government websites" because of a "Synchronized and sophisticated cybercriminal attack from outside Albania."
Although the exact nature of the wiper is unclear as yet, Mandiant said an Albanian user submitted a sample for what's called ZeroCleare on July 19, coinciding with the attacks.
The connections to Iran stem from the fact that the attacks took place less than a week prior to the World Summit of Free Iran conference on July 23-24 near the port city of Durres by entities opposing the Iranian government, particularly the members of the MEK. "The use of ransomware to conduct a politically motivated disruptive operation against the government websites and citizen services of a NATO member state in the same week an Iranian opposition groups' conference was set to take place would be a notably brazen operation by Iran-nexus threat actors," the researchers said.
The findings also come two months after the Iranian advanced persistent threat group tracked as Charming Kitten was linked to an attack directed against an unnamed construction company in the southern U.S..
News URL
https://thehackernews.com/2022/08/iranian-hackers-likely-behind.html