Albania has severed diplomatic relations with Iran over a cyberattack two months ago targeting members of opposition group the Mojahedin-e Khalq Organization (MEK).
In the first gesture of its kind to be made by a state in response to a cyberattack, all staff at the Iranian Embassy in Tirana including security personnel have been expelled, with 24 hours to leave the country.
It came a day after the White House issued a statement saying its own experts were confident the “reckless, irresponsible” hack-and-leak operation on July 15 had been ordered by the Islamic Republic. US advisors have been in Albania, a fellow NATO member, for weeks to help investigate.
Albanian Minister Edi Rama said on Thursday: “The deep investigation put at our disposal undeniable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran which had involved four groups for the attack on Albania.”
Mandiant, a US cybersecurity firm, had also expressed “moderate confidence” last month that the attackers were acting on behalf of the Iranian state to target critics overseas.
A hacking group calling itself “HomeLand Justice”, claimed responsibility on Telegram for the attack, which used ransomware to scramble targets’ data. Ransomware is generally used for extortion but can also be deployed as a tool for sabotage.
They then posted a series of documents on Telegram that they claimed were the Albanian residence permits of MEK members, along with footage of the ransomware being activated.
About 3,000 members of the MEK life at the Ashraf 3 camp in Manez. In July, the group had planned to hold the Free Iran World Summit at Ashraf 3 with US parliamentarians among the guests. The meeting was cancelled “for security reasons and due to terrorist threats and conspiracies.”