The Assembly of the Republic of Albania and leading telecommunications provider One Albania have recently become the targets of cyber attacks, according to a disclosure from the country’s National Authority for Electronic Certification and Cyber Security (AKCESK). The agency indicated that these entities are not currently classified under the legislation as critical or important information infrastructure, which highlights potential vulnerabilities in their security posture.
One Albania, serving approximately 1.5 million subscribers, assured its users via a Facebook post that it effectively mitigated the cyber incident without experiencing significant disruptions. Their key services, including mobile, landline, and IPTV, reportedly remained operational despite the attack. AKCESK further clarified that the cyber intrusions did not originate from within Albania, confirming their capability to identify potential threats in real-time.
In response to the incidents, AKCESK has intensified its efforts in pinpointing the source of the attacks, restoring affected systems, and enhancing security protocols to preempt future breaches. The scale and specifics of the incidents remain unclear; however, they have captured attention due to the claim of responsibility from an Iranian hacker group, known as Homeland Justice, via its Telegram channel. This group also asserted that it had breached Air Albania, the national airline.
The motivations behind these attacks seem to be politically driven, as Homeland Justice released a statement on its official website on December 24. In this message, the group proclaimed their intent to “destroy supporters of terrorists,” accompanied by several hashtags relating to Albania and cyber attacks, thereby linking their activities to broader geopolitical narratives.
This string of attacks in Albania is reminiscent of prior destructive cyber campaigns targeting Albanian governmental services in mid-July 2022, for which Homeland Justice also claimed responsibility. Those incidents led to significant repercussions, including the U.S. government’s imposition of sanctions against Iran’s Ministry of Intelligence and Security due to its involvement in cyber-enabled threats against the U.S. and allied nations.
Business stakeholders should note the potential MITRE ATT&CK adversary tactics employed in these attacks. Initial access techniques such as phishing or exploitation of public-facing applications could have served as entry points for the attackers. Furthermore, tactics related to persistence and privilege escalation might have been utilized to maintain footholds within targeted systems and gain elevated access rights, thereby facilitating broader attack objectives.
In light of these events, AKCESK’s initiative to reassess and fortify its cybersecurity strategies stands as a critical step forward. As the threat landscape evolves, an emphasis on organizational resilience and adaptive security measures will become paramount for businesses operating in or with entities within affected regions. This incident underscores a growing need for vigilant cybersecurity practices amidst escalating global cyber threats.
