US, Albania on 'Hunt' for Iranian Cyber Actors
By Jeff Seldin March 23, 2023
The decision to launch a series of cyberattacks that crippled Albanian government websites and temporarily shut down government services may be backfiring on the alleged perpetrator.
Albania blamed the attacks in July and September of last year on Iran, claiming the evidence pointing to Tehran was "irrefutable," and ordered all Iranian officials out of the country.
Now, a U.S. cyber team sent to Albania to help the country recover and "hunt" for more dangers says the efforts have turned up "new data and information about the tools, techniques, and procedures of malicious cyber actors, attempting to disrupt government networks and systems."
"The hunt forward operation resulted in incredibly valuable insights for both our allied partner and U.S. cyber defenses," the Cyber National Mission Force's Major Katrina Cheesman told VOA, adding information was shared not only with the Albanian government but also some private companies with critical roles in the digital infrastructure of both countries.
Officials declined to share additional details, citing operational security, other than to say the networks they examined were of "significance" to Washington.
"These hunts bring us closer to adversary activity to better understand and then defend ourselves," the commander of U.S. Cyber National Mission Force, Major General William Hartman, said in a statement Thursday, following a visit to Albania.
1/2 The United States continues to support Albania's cybersecurity. This week, Major General William Hartman, Commander of the U.S. Cyber National Mission Force, was in Tirana to meet with National Cyber Coordinator Igli Tafa and key cyber stakeholders across the... pic.twitter.com/cRHw7sAz3Q
â€” USEmbassyTirana (@USEmbassyTirana) March 21, 2023
"When we are invited to hunt on a partner nation's networks, we are able to find an adversary's insidious activity," Hartman said. "We can then impose costs on our adversaries by exposing their tools, tactics and procedures, and improve the cybersecurity posture of our partners and allies."
Iran has consistently denied responsibility for the cyberattacks against Albania, calling the allegation "baseless."
Albania's claims were backed by the United States, which described the Iranian actions in cyberspace as "counter to international norms."
This past September, the U.S. Cybersecurity and Infrastructure Security Agency, CISA, and the FBI attributed the initial cyberattacks against Albania to Iranian state cyber actors calling themselves "HomeLand Justice."
The joint advisory warned the group first gained access to Albania's in May 2021 and maintained access to the Albanian networks for more than a year, stealing information, before launching the initial cyberattack in July 2022.
CISA and the FBI also concluded that Iran likely launched the second cyberattack in September 2022, using similar types of malware, in retaliation for Albania's decision to attribute the first round of attacks to Tehran.
U.S. officials confirmed they had sent a team of experts to Albania shortly after the attacks, but information released Thursday sheds more light on the scope of the operation.
According to the U.S. officials, the so-called "hunt forward" team was deployed to Albania last September and worked alongside Albanian officials before returning home in late December.
Prior to the mission in Albania, other U.S. "hunt forward" teams had been deployed 43 times to 21 countries, including to Ukraine, Estonia, Lithuania, Montenegro and Croatia.
Albanian officials have indicated they hope to continue working with U.S. cyber teams to further strengthen Albania's cyber defenses.
"The cooperation with U.S. Cyber Command was very effective," said Mirlinda Karcanaj, the general director of Albania's National Agency for Information Society, in a statement released by the U.S.
"We hope that this cooperation will continue," she added.
|Join the GlobalSecurity.org mailing list|