Albania, Kosovo, Montenegro and North Macedonia Victims of Cyber-Attacks
Albania severed its diplomatic relations with the Islamic Republic of Iran after an investigation proved that Tehran orchestrated the July cyber attack. Kosovo was also the target of a cyber-attack, seemingly by the same attacker. Montenegro and N. Macedonia also experienced a late-summer wave of cyber-attacks against parts of their digital infrastructure.
“The Council of Ministers has decided, with immediate effect, to sever diplomatic relations with the Islamic Republic of Iran,” Prime Minister Edi Rama announced on September 7, 2022, in a video message on social media. He argued that the decision to sever diplomatic relations with Iran came after an in-depth investigation into the July 15 cyber-attack in Albania, which proved that the attack was orchestrated and sponsored by the Islamic Republic of Iran.
Respecting the 24-hour deadline set by the Albanian government, the 72 representatives of the state of Iran left Albania on the morning of September 8th. Meanwhile, the Government in Iran, through the Minister of Foreign Affairs, Nasser Ka’nani, considered the accusations baseless, emphasizing the role of third parties (the USA and Israel) in Albania’s decision-making.
In 30 years of democracy, this is the first time Albania has decided to break relations with another country. The United States of America, the European Union, the United Kingdom as well as NATO condemned Iran’s attack and expressed support for Albania.
After this drastic decision, experts fear the risks that may follow regarding security.
“Personally, I think this was the right decision, but in my opinion, since we have repeated cyber-attacks, this should make our government take the country’s cyber-security more seriously, and this is the case for Albania together with the Republic of Kosovo, to make a joint investment in this field. It is great luck that we have an excellent alliance with our strategic ally, the USA, and not just them, enabling assistance, protection and monitoring in record time,” Dr. Dritan Demiraj, who served in the Armed Forces of Albania for 35 years and also headed the Ministry of Internal Affairs, told Faktoje.
On the other hand, the security expert Fabian Zhilla says that the termination of diplomatic relations with Iran was hasty, because the decision was not accompanied by other preliminary steps.
“I say that the government’s decision is hasty, because no protective measures have been taken. Until now, we do not have a plan of measures made public,” Zhilla emphasizes for Faktoje, adding that the termination of relations with Iran exposes us to other cyber attacks as well as subversive operations from this country.
“Our government should ask MEK not to use the Albanian space for their internal political issues. Public officials, as well as those working in important financial institutions, should also be instructed about the risks of cyber attacks. Today, Albania is in a war situation with Iran and must be seriously prepared for it,” Zhilla concludes.
Just three days after cutting off relations with Iran, the same attackers hit the TIMS system, which the government said was back up and running on the morning of September 11th.
Colonel Dritan Demiraj estimates that Albania, together with its partners, is able to cope successfully in the event of an escalation of the situation.
“I think there is a serious commitment of all the security agencies in our country together with the law enforcement, the armed forces and others, which are mobilized to the maximum to implement their constitutional mission. In case of escalation, our country has cooperation in record time with other Western countries, which at any moment can make it possible to take measures and successfully face these threats.”
For IT expert Edmond Liçaj, the cyber war Iran has launched against Albania will be difficult for our country.
“Albania’s capacities to face such an enemy in the political, economic, cyber or any other aspect do not favor us. In my opinion, the decision was not voluntary, but requested by our partners, since we cannot come out so openly against a state and accuse it, because we do not have the capacity to defend ourselves properly,” Liçaj emphasizes for Faktoje, adding that another level of defense and tactics is required both in relation to cyber security and in terms of national security.
Even the journalist Lavdërim Lita, very well versed in security issues, says that under these conditions, the government should invest in the field of cyber security.
“First, strengthening the capacity with human resources and infrastructure of the Anti-Cyber Unit in the Armed Forces, investing in uniformed IT engineers. Second, AKSHI (National Information Society Agency) should operate at the cabinet level in the government and not as an agency under the Prime Minister’s Office. That is, an information ministry equipped with a legal framework and special infrastructure. Thirdly, due to the increase in cyber crimes, unit C in the State Police should be turned into an anti-cyber police agency, according to western models,” says Lita.
Since 2013, relations between Albania and Iran have been tense due to the decision of the Albanian government to shelter as refugees several thousand mujahedin, part of the opposition organization MEK, with the mediation of the United States of America. Albania’s decision to sever diplomatic relations follows a series of decisions to expel civilians and diplomats from Iran in recent years.
In 2018, Iran’s ambassador in Tirana, Gholamhossein Mohammadnia, and another diplomat were declared non grata because, according to intelligence services, they were involved in activities undermining national security.
In the same year, two Iranians tried to organize an attack on the premises of the Bektashian seat during the Sultan Nowruz holiday. The attack failed, and the perpetrators were arrested in 2019 as part of a terrorist cell.
On January 15, 2020, the Albanian authorities announced they had ordered the expulsion from Albania of two Iranian diplomats, whom they had also declared non grata. At that time, the Ministry for Europe and Foreign Affairs stated that Mohammad Ali Arz Peimanemati and Seyed Ahmad Hosseini Alast had conducted “activities inconsistent with their status and the principles of the Vienna Convention on Diplomatic Relations and have been requested to leave immediately from the territory of the Republic of Albania”.
Meanwhile, on July 23, 2020, Albania expelled Dabiel Kassrae, an Iranian of Italian citizenship, who was banned from staying in our country for a period of 15 years. Likewise, on October 18, 2020, Albania declared the Iranian national Ehsan Bidi non grata for a period of 15 years, as he was suspected of being part of the Iranian agencies against the mujahedin community known as the MEK.
Montenegro Under Cyber Attack for an Entire Month
On August 20, the Montenegro government’s IT network came under a strong cyber-attack which, as the country’s authorities say, is still ongoing.
The whole country went into what can be called panic mode, because nobody knew what the next target could be or who was behind these attacks.
Citizens were warned that an attack was happening, and state officials came out with somewhat different stories.
Prime Minister Dritan Abazović said this was a political attack, while the National Security Agency said this was the work of Russian intelligence and that they fear worse is yet to come, adding that water supply and electricity transmission could be next under attack.
Soon after, the Minister of Public Administration, Maraš Dukaj, stated that the cyber group Cuba ransomware performed the attack.
“Ransomware” usually means someone is going to ask for money in exchange for the return of stolen data, but no such request has been reported so far. On the other hand, the Government’s decision is not to negotiate with hackers. Minister Dukaj says all the data is safe, because there are copies. Still, the Minister of Interior, Raško Konjević, says some data is lost forever.
News about the cyber attack in Montenegro soon reached far and wide. Since Montenegro is a western ally and NATO member, the Alliance soon offered to help. The same goes for the FBI, whose experts came to the country to assist Montenegro’s authorities.
The Balkan Investigative Reporting Network (BIRN) has reported that the attack was an “inside job”, claiming that malicious software was uploaded from one of the government’s computers.
The country is still under attack, but other than the government’s online services not working, no major breach has been reported.
Still, experts in Montenegro fear that cyber-attacks could damage other big state companies, such as the electric power industry or water supply. The Chairman of the Board of the state electrical company, Milutin Đukanović, said that all the power plants have been switched to manual.
There are no estimates on how much these cyber-attacks cost the country, but the experts say they were carefully planned and the virus could cost anywhere from 100 thousand up to 2.5 million dollars.
Kosovo – Target of Cyber Attacks
Kosovo, like other countries in the region, has become a target of cyberattacks. During the first week of September, at certain periods of time, government IT systems faced DDoS (Distributed Denial of Service) cyberattacks, causing occasional stoppages in the Internet service within government institutions and occasional lack of access to some government services. The website of the Prime Minister’s Office, those of some ministries and of the Kosovo Police, the e-Kosova Platform and some media have been targeted by cyberattacks.
According to the announcement by the Prime Minister’s Office, during the periods of the attack, the cyber security team from the Information Society Agency (ASHI) was completely committed to minimizing the impact of the attack on the accessibility and functionality of the services.
According to ASHI, in cooperation with external experts and the application of adequate measures, the cyber-attack was overcome and attempts to continue it were prevented.
After a few hours of disruption, all services returned to normal, and the government declared that at no time had the data stored in the State Data Center within the Institutions of the Republic of Kosovo been compromised.
One of the main telephone companies, Kosova Telekom, also faced cyber-attacks. The company has said that the IP addresses from which the attacks came have been identified, but it has not indicated the source.
The technical director at Kosova Telekom, Halil Krasniqi, stated that the attack was carried out by 30,000 unidentified computers with different IP addresses.
The attack that hit the telecom was also a DDoS attack, in which fake packets are created in the network from many computers. According to Telekom executives, the only risk was the load on the network; they denied that there was an attempt to access the Telekom system, which would have put at risk the data of customers receiving services from the company.
Following the mass attack, the institutions are analyzing the situation to identify where it came from. On Tuesday, the Prime Minister of Kosovo, Albin Kurti, paid an urgent visit to Tirana, where he met with the Prime Minister of Albania, Edi Rama. Among other things, they talked about the latest cyber-attacks.
According to a Microsoft analysis, cyberattacks against the Government of Albania are politically motivated and behind them are actors connected to the Government of Iran. After the attack, Albania severed diplomatic relations with Iran, giving 24 hours to the diplomatic staff of the country’s Embassy to leave Tirana.
In order to increase the level of security, the government of Kosovo on Tuesday approved the Draft Law on Cyber Security, through which the Agency for Cyber Security is established. The draft law defines the principles of cyber security, the institutions that develop and implement the cyber security policy, as well as the responsibilities of the authorities in this field.
Meanwhile, cyber security experts have asked the government to urgently block all IPs from countries such as Iran, Russia, China and North Korea.
Mysterious, But Also Well-Known Hackers Attack Web Sites in N. Macedonia
In August 2022, the iKnow electronic support system at the St. Cyril and Methodius University (UKIM) in Skopje, North Macedonia, stopped working, and the stated reason was a cyber-attack. This was confirmed by the IT and Computer Engineering Faculty (FINKI), tasked with the maintenance of the university’s computer systems. A couple of days after this attack, the web site of the Education and Science Ministry (MON) also stopped working.
UKIM students complained about not being able to log in to iKnow, the university’s electronic support system, and enrol for exams in the upcoming exam season.
FINKI stated that the university computer system was the victim of a DDoS attack, a type of cyber-crime that creates an overflow of fake traffic, stopping users from logging in and using the connected services and web sites.
Previously, the Facebook profile of the same university was also the target of an attack. At first, there was a three-hour-long live video of somebody playing the League of Legends computer game. This video was then removed, but the perpetrator continued uploading somewhat funny and weird video clips. The UKIM profile on this social network does not exist anymore.
On August 18, 2022, the web site of the Education and Science Ministry (MON) also came under a hacker attack. For a couple of hours, the following message was visible on the web site’s home page: HACKED BY GREEK HACKING TEAM NETWATCHERS.
The attack caused all the pages of the web site to become inaccessible, while all the links led to a YouTube video titled Famous Macedonia. The Ministry has never explained the reasons for such a state of their web site.
Greek hackers used to attack web sites of N. Macedonia’s institutions before the signing of the so-called Prespa Agreement, when the countries had a disagreement regarding the use of the name Macedonia. But after this issue was solved, it is unusual to see such an attack once again, if the attacker is really a Greek hacking collective and not one merely posing as originating from there.
This story is based on joint coverage by Faktoje.al, Raskrinkavanje.me, Sbunker.net and Truthmeter.mk as part of the regional initiative Western Balkans Anti-Disinformation Hub.