At a glance.
- Albania attributes cyberattack to Iran.
- TikTok denies breach.
- New Linux malware.
- Ransomware targeting the education sector.
- Finland prepares to increase its cybersecurity capacity.
- CISA releases five ICS advisories.
Albania attributes cyberattack to Iran.
Reuters reports that Albania has attributed the extensive, disruptive cyberattack it sustained on July 15th, 2022, to Iran. "The in-depth investigation provided us with indisputable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran through the engagement of four groups that enacted the aggression," Prime Minister Edi Rama said. Albania has severed diplomatic relations with Iran and ordered Iran's diplomats to leave the country. Prime Minister Rama acknowledged the stringency of the response, but said it was fully justified. "This extreme response ... is fully proportionate to the gravity and risk of the cyberattack that threatened to paralyse public services, erase digital systems and hack into state records, steal government intranet electronic communication and stir chaos and insecurity in the country," he explained.
Albanian Foreign Minister Olta Xhaçka announced Tirana's response to Tehran in a tweet this morning:
"As of today, by a decision of the [Albanian] CoM has severed all diplomatic relations with the Islamic Republic of #Iran. All diplomatic & other personnel of [Iran's[ Embassy are to leave the territory of the Republic of Albania within 24 hours. It is a decision imposed on [Albania] by the actions of [Iran] which our investigation has shown was behind the massive & unprovoked July 15th cyberattack against [Albania's] infrastructure & government services. We are confident that our allies and partners will stand shoulder to shoulder with us in facing the present and possible future challenges. Albania is a NATO member, and its action received support from other members of the Atlantic Alliance."
The US condemned the Iranian cyberattack and expressed solidarity with Albania. The White House statement issued by the National Security Council is brief enough to be worth quoting in full:
"The United States strongly condemns Iran’s cyberattack against our NATO Ally, Albania. We join in Prime Minister Rama’s call for Iran to be held accountable for this unprecedented cyber incident. The United States will take further action to hold Iran accountable for actions that threaten the security of a U.S. ally and set a troubling precedent for cyberspace.
"For weeks, the U.S. government has been on the ground working alongside private sector partners to support Albania’s efforts to mitigate, recover from, and investigate the July 15 cyberattack that destroyed government data and disrupted government services to the public. We have concluded that the Government of Iran conducted this reckless and irresponsible cyberattack and that it is responsible for subsequent hack and leak operations.
"Iran’s conduct disregards norms of responsible peacetime State behavior in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public. Albania views impacted government networks as critical infrastructure. Malicious cyber activity by a State that intentionally damages critical infrastructure or otherwise impairs its use and operation to provide services to the public can have cascading domestic, regional, and global effects; pose an elevated risk of harm to the population; and may lead to escalation and conflict.
"We will continue to support Albania’s remediation efforts over the longer-term, and we invite partners and Allies to join us in holding malicious cyber actors accountable and building a secure and resilient digital future."