Cyberattackers believed to be from Iran have started publishing sensitive information from the border control authorities, including documents on alleged plots to kill Albanian and Kosovo politicians, while the prosecutor in Tirana has banned media from publishing any of the data.
Albania has been subject to a string of cyberattacks since 15 July that brought digital government systems to a standstill and saw a site called ‘Homeland Security’ offer to sell reams of sensitive citizen and government data while threatening to publish more. Another followed this attack in September that brought all border computer systems offline, causing chaos at border crossings and airports.
Since Monday, a number of documents, emails, and memos between politicians, authorities and institutions and ambassadors have been published via the Homeland Security Telegram channel. On Monday evening, the prosecutor announced that publishing such data would be pursued as a criminal act.
“The prosecutor’s office has decided that no data published by the authors of the cyber attack shall be published by audiovisual media, print, online, in social networks or in any form of publication or transfer of data,” it reads.
One document published just over a week from the last attack reveals that the Counter-Terrorism Unit in Kosovo was made aware of a plan to kill Prime Minister Albin Kurti. According to data in the report, the person suspected of planning to carry out the attack was Prek Kodra, someone reportedly skilled as a sniper and suspected of murders in Kosovo and Montenegro. Kurti was to be targeted along with two others to destabilise the country.
Another document relates to an alleged plot to kill the then-leader of the Democratic Party, Lulzim Basha, in 2017. It details that the assassination would be carried out by three people, each with a history including drug trafficking, jihad activities in Syria, and suspected assassinations.
Investigations were carried out, but nothing credible was found, and it was dropped.
The hackers also published documents relating to the border movements of former Director of the State Police, Gledis Nano, who previously worked for the anti-terror unit. Published data includes all his entries and exits to the country and photographs of him over the years.
Journalist and analyst Ferdinand Dervishi said Nano was a target due to his previous role.
“What happened today is the result of that attack by Iranian hackers. They have decided that they will publish sensitive data after leaving the embassy. I think they started with Gledis Nano because he was supposed to be their biggest opponent,” he said.
The documents published also refer to a Russian embassy worker expelled from the country in 2021 and a wanted criminal who remains on the run.
The hackers have pledged to continue with Prime Minister Edi Rama telling EURACTIV that the government is “accelerating all our plans to build a state-of-the-art cyber defence in close cooperation with our allies, ” including the US, NATO and the EU.
In terms of the nature of the attack, he added that “based on the full assessment made in cooperation with the superteams of Microsoft and other American agencies, the attack was a massive assault to wipe out completely our digital infrastructure together with all related data. It didn’t succeed, and damages were far less than one would fear after such a blow”.
US slaps more sanctions on Iran over ‘malicious’ cyber activity
The cyberattacks on Albania were party behind two rafts of sanctions handed down on Iran and linked individuals and companies over the last two weeks. These developments occur in the context of fading momentum for the EU-mediated new nuclear deal that seemed to be there earlier this month. Germany, France, and Britain raised “serious doubts” in a tripartite statement on Saturday about Iran’s sincerity in restoring the accord.
They charged that Tehran “has chosen not to seize this critical diplomatic opportunity”, adding that “instead, Iran continues to escalate its nuclear programme way beyond any plausible civilian justification”.
Iran’s foreign ministry, which also denies the cyber attacks on Albania, criticised those comments as “unconstructive.”, AFP reported.