By Andrew Higgins
Tirana, Albania: Customers at one of Albania’s biggest banks got a shock shortly before Christmas when a curt text popped up on their mobile phones: “Your account has been blocked. The balance of your account is zero. Thank you.”
The messages, which turned out to be fake, signalled the opening of a disruptive new front in what Albanian authorities, the United States and NATO have identified as an enormous cyberattack orchestrated by Iran on one of the weakest members of the military alliance.
“It is an attack – an aggression against the sovereignty of one country by another state,” Prime Minister Edi Rama said in an interview in Tirana, the Albanian capital, calling the assaults “absolutely the same as a conventional military aggression, only by other means”.
The onslaught has swept Albania, a Balkan nation with fewer than 3 million people, into a maelstrom of uncertainty and plunged it into big geopolitical battles involving Iran, Israel and the United States.
The reason for the attacks, which began with a stealthy penetration of government servers in 2021, but started causing visible disruption only last year, appears to be Albania’s sheltering of Mujahedeen-e-Khalq, known as MEK, a secretive Iranian dissident group, on its soil.
Also playing a role are the polarised politics of Washington, where prominent Republican hawks on Iran have been strong backers of MEK.
Hired by the Albanian government to investigate, Microsoft, in a report on the attack, attributed it with “high confidence” to “actors sponsored by the Iranian government”, identifying MEK as the “primary target”. The campaign against Albania was probably “retaliation for cyberattacks Iran perceives were carried out by Israel” and MEK.
A logo stamped on confidential Albanian documents leaked by the attackers features an eagle preying on the symbol of a hacking group known as Predatory Sparrow – which Iran blames for attacks on its own computer networks – inside a Star of David.
Albania, which has a large, mostly secular Muslim population, severed relations with the Islamic Republic of Iran in September, expelling its diplomats in response to what experts say is the most disruptive cyberattack in Europe on a NATO member since 2007.
The attack on Albania has not only disrupted the government’s work and sought to undermine trust in financial institutions, but it has also involved the leak of a vast trove of confidential information.
The New York Times