USA imposes sanctions on Iran over Albania cyber attack

The United States has imposed sanctions on Iran’s Ministry of Intelligence and its minister, accusing them of engaging in other cyber activities against the United States and its allies.

The move comes after Albania severed diplomatic relations with Iran on Wednesday over the alleged hacking of government digital services and websites in July and again in early September. Albania ordered all Iranian diplomats and embassy staff to leave within 24 hours.

The US Treasury Department said in a statement that Iran’s Ministry of Intelligence directs several networks of cyber-threat actors, including those involved in cyber espionage and ransomware attacks in support of the Iranian government.

“Iran’s cyber attack against Albania disregards norms of responsible peacetime State behaviour in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public,” Treasury official Brian Nelson said. “We will not tolerate Iran’s increasingly aggressive cyber activities targeting the United States or our allies and partners.”

The July cyber attack has sparked a diplomatic crisis between Albania and Iran, which has rejected the allegations it was responsible for the incident as “baseless”.

The “wide and complex” attack began on Friday 15 July, and targeted Albanian government infrastructure and other public online services, rendering them functionless, the government said. The cyber attack occurred not long after the government of Albanian Prime Minister Edi Rama closed desk services for the population and ordered mandatory use of its online services for everything from enrolling in school to obtaining an ISBN number for a new book at the National Library.

As a result of the sanctions, the assets of the targeted individuals and entities in the US will be frozen and it will become illegal for American citizens to do business with them. The measures come a day after Washington imposed penalties on several Iranian companies, accusing them of being involved in the production and transfer of drones to Russia for the war in Ukraine.

Iran has disregarded “norms of responsible peacetime state behaviour in cyberspace,” US Secretary of State Antony Blinken added in a statement.

Iran rejected the sanctions as ineffective and politically motivated.

“Like previous illegal US sanctions against the Ministry of Intelligence, this new label will never be able to create the slightest hinder in the determination of the Iranian people’s security servicemen in this proud institution,” Iran’s Foreign Ministry spokesperson Nasser Kanaani said.

The July attacks temporarily disrupted government websites and other public services. Analysts say the operation was intended to punish Albania for supporting an Iranian dissident group based in the country, known as the Mujahedin-e Khalq. 

Over the last couple of years, there has been a significant surge in cyber attacks, which, when they are targeted at public administrations, can have significant consequences. 

“Governments are at outsized risk from cyber attack, both from cyber criminals as well as geopolitical adversaries,” said Chris Clements, vice president of solutions architecture at Cerberus Sentinel. “Government systems and networks can lag in cyber-security best practices and promptness and thoroughness of patching compared to private organisations.  This makes them softer targets for cyber criminals looking for an extortion payday through ransomware and mass-scale data theft as well as hostile foreign nation states looking to disrupt their target’s operation.”