At a glance.
- Albania reports more Iranian cyberattacks.
- RaidForums' successor.
- A look at threat actor reconnaissance in the contemporary Internet.
- Attacks on infrastructure (but these are kinetic strikes, not cyberattacks).
- Update on the cyber phase of the hybrid war.
Albania reports more Iranian cyberattacks.
Albania reports that it sustained additional cyberattacks from Iran over the weekend, evidently in response to Tirana's severing of relations with Tehran over earlier cyber incidents. CNN reports that in the most recent attacks the Total Information Management System (TIMS), used for border control, was taken offline.
As the outlines of Iranian attacks against Albania's government networks become clearer, the US Treasury Department announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmail Khatib, in response to their involvement in cyberattacks on the NATO country. Mr. Khatib is singled out for his role in directing "several networks of cyber threat actors involved in cyber espionage and ransomware attacks in support of Iran’s political goals." Iran condemned the US action, Al Arabiya reports, with the Foreign Ministry saying, “America’s immediate support for the false accusation of the Albanian government... shows that the designer of this scenario is not the latter, but the American government.”
Microsoft described Iran's campaign against Albania in a report published last Thursday: "Microsoft assessed with high confidence that on July 15, 2022, actors sponsored by the Iranian government conducted a destructive cyberattack against the Albanian government, disrupting government websites and public services. At the same time, and in addition to the destructive cyberattack, MSTIC assesses that a separate Iranian state-sponsored actor leaked sensitive information that had been exfiltrated months earlier. Various websites and social media outlets were used to leak this information."