Pierluigi Paganini
February 02, 2024
A sophisticated cyberattack on Wednesday hit Albania’s Institute of Statistics (INSTAT). The institute confirmed that the attack affected some of its systems.
Albania’s Institute of Statistics (INSTAT) promptly activated emergency protocols to respond to the incident. The organization launched an investigation into the cyberattack and determined that only “some of INSTAT systems were affected.” The attack did not impact systems employed in the 2013 census.
“INSTAT assures the public that the 2023 Census data are not the subject of this attack. INSTAT’s technical team immediately activated emergency protocols to protect the data and prevent further damage.
INSTAT will continue its statistical activity and will use alternative means of communication such as the email address instat.albania@gmail.com and the official social media channels, Instagram and Facebook.” reads the statement published by INSTAT on Facebook.
NSTAT notified local authorities and is working to resume normal operations.
Albania’s cyber agency (AKCESK), along with state police, is helping INSTAT recover the affected systems and attribute the attack to a specific threat actor.
The Record Media reported that the Iran-linked hacking group Homeland Justice claimed responsibility for the attack. The hackers added that they have stolen over a 100 Terabytes of GIS and census data from the INSTAT.
“We now have full access to over a 100 Terabytes of your GIS and census data. The data have also been copied and removed from the servers. We will bring Justice back to our Homeland
All the statistics are against you
DestroyDurresMilitaryCamp (#DDMC)” states the message published by the group on its Telegram channel.
Despite claims, it's yet to be verified if any data was compromised. While INSTAT insists recent census data was unaffected, Homeland Justice claims they copied over 100 terabytes of geographic and population data. Albania's cyber agency AKCESK is now collaborating with state…
— The Record From Recorded Future News (@TheRecord_Media) February 2, 2024
In December 2023, Albania’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed that cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania.
The telecom carrier disclosed the cyber attack with a post published on Facebook, the company also added that the cyber attack did not interrupt its services.
The Iranian hacker group Homeland Justice also claimed responsibility for this attack on its Telegram channel. The group also claimed to have hacked Air Albania.
In September 2022, Albania blamed Iran for another cyberattack that hit computer systems used by the state police.
Albania interrupted diplomatic ties with Iran and expelled the country’s embassy staff over the massive cyber attack that hit the country in mid-July 2022.
The cyberattack hit the servers of the National Agency for Information Society (AKSHI), which handles many government services. Most of the desk services for the population were interrupted, and only several important services, such as online tax filing, were working because they are provided by servers not targeted in the attack. Albania reported the attack to the NATO Member States and other allies.
The relations between Albania and Iran have deteriorated since the government of Tirana offered asylum to thousands of Iranian dissidents.
The United States government issued a statement condemning Iran for attacking Albania.
“The United States strongly condemns Iran’s cyberattack against our NATO Ally, Albania. We join in Prime Minister Rama’s call for Iran to be held accountable for this unprecedented cyber incident. The United States will take further action to hold Iran accountable for actions that threaten the security of a U.S. ally and set a troubling precedent for cyberspace.” U.S. National Security Council spokesperson Adrienne Watson said. “We have concluded that the Government of Iran conducted this reckless and irresponsible cyberattack and that it is responsible for subsequent hack and leak operations.”
NATO, and the U.K. also formally blamed the Iranian government for the cyberattacks against Albania.
The U.S. Treasury Department announced sanctions against Iran ‘s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the cyber attack that hit Albania in July.
MOIS is the primary intelligence agency of the Islamic Republic of Iran and a member of the Iran Intelligence Community. It is also known as VAJA and previously as VEVAK (Vezarat-e Ettela’at va Amniyat-e Keshvar) or alternatively MOIS.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, Albania)
