The latest hack forced Albanian officials to temporarily take offline its Total Information Management System (TIMS), a system for tracking the data of those entering and leaving Albania, according to a statement from Albania’s interior ministry.
The cyberattack was the work of the “same aggressors” that carried out the July hack, Albanian Prime Minister Edi Rama alleged in a tweet. The hack occurred on Friday, according to the interior ministry, and by early Saturday evening, the ministry said it expected to have all aspects of the TIMS restored soon.
The incident poses a fresh challenge for the Biden administration, which this week vowed to “hold Iran accountable for actions that threaten the security of a US ally” and NATO member following the July cyberattack.
The Treasury Department on Friday sanctioned Iran’s spy agency for allegedly carrying out the July hack, which knocked some Albanian government services offline and left the Albanian government scrambling to recover. The White House said US officials were on the ground for weeks helping. Albania severed diplomatic relations with Iran in what may be the first case of hacking prompting a break in ties between countries.
The July hack took place before a conference in Albania due to be attended by members of MEK, an Iranian group that advocates the overthrow of the Iranian government and that Tehran considers a terrorist organization.
“We strongly condemn such malicious cyber activities designed to destabilize and harm the security of an Ally, and disrupt the daily lives of citizens,” NATO members in a statement Thursday.
In response, Iran’s embassy in Brussels on Friday “rejected the baseless accusations” that Iran was behind the July hack.
A spokesperson for the Iranian Permanent Mission to the United Nations did not immediately respond to a request for comment on Saturday on the latest hacking incident.
The US government in 2007 helped Albania, an ally in the Bush administration’s self-described “war on terrorism,” deploy the TIMS hardware and software systems for processing immigration, according to an archived State Department page.
CNN has requested comment from the White House National Security Council.
NATO Secretary General Jens Stoltenberg has said a cyberattack could trigger NATO’s collective defense clause, requiring all members to defend an attack on another member. But that principle has never been tested in practice, and it’s unclear what the threshold for such a collective defense is.
“Unfortunately, I wouldn’t be surprised if it were true [that Iran was behind the latest hack],” John Hultquist, vice president of intelligence analysis at security firm Mandiant, which investigated the July hack, told CNN. “States like Iran don’t seem to be deterred by diplomatic solutions. It’s as if the price of these incidents is ultimately acceptable to them.”