Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

US Slaps Fresh Sanctions on Iran over Albania Cyberattacks

The U.S. Treasury Department on Friday slapped a fresh round of sanctions against entities in Iran for engaging in destructive cyberattacks against critical infrastructure targets in allied NATO countries.

The U.S. Treasury Department on Friday slapped a fresh round of sanctions against entities in Iran for engaging in destructive cyberattacks against critical infrastructure targets in allied NATO countries.

The new sanctions designate Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for engaging in cyber-enabled activities against the United States and its allies, the government said in a statement. 

“Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector organizations around the world and across various critical infrastructure sectors,” the Treasury Department said, pointing to the disruptive cyberattacks that hit Albanian public services earlier this year.

“In July 2022, cyber threat actors assessed to be sponsored by the Government of Iran and MOIS disrupted Albanian government computer systems, forcing the government to suspend online public services for its citizens,” the government said, accusing Iran of disregarding norms in state-related cyber activity.

[ READ: Microsoft: Multiple Iranian Groups Conducted Cyberattack on Albanian Gov ]

The department said Tehran failed to adhere to a norm on refraining from damaging critical infrastructure that provides services to the public.

“We will not tolerate Iran’s increasingly aggressive cyber activities targeting the United States or our allies and partners,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson.

The Treasury Department warned that Iran’s MOIS, under the leadership of Esmail Khatib, directs several networks of cyber threat actors involved in cyber espionage and ransomware attacks in support of Iran’s political goals. 

“In addition to conducting malicious cyber activity that affected Albanian government websites, MOIS cyber actors were also responsible for the leaking of documents purported to be from the Albanian government and personal information associated with Albanian residents,” the U.S. government said. 

“MOIS carries out cyber espionage and disruptive ransomware attacks on behalf of the Iranian government in parallel with the other Iranian security service the IRGC,” John Hultquist, VP, Mandiant Intelligence, told SecurityWeek. “They are largely focused on classic espionage targets such as governments and dissidents, and they have been found targeting upstream sources of intelligence like telecommunications firms and companies with potentially valuable PII. Furthermore, they have a history of targeting the MeK, the group at the center of the Albanian incident.”

The sanctions come just days after Albania cut diplomatic ties with Iran over the July cyberattacks and NATO and the White House issued statements condemning the ransomware and wiper attacks.

Earlier this week, Hultquist said the Albanian government cutting diplomatic ties with Iran is possibly the strongest public response to a cyber attack we have ever seen. “While we have seen a host of other diplomatic consequences in the past, they have not been as severe or broad as this action,” he said.

“The attack on Albania is a reminder that while the most aggressive Iranian cyber activity is generally focused in the Middle East region, it is by no means limited to it,” Hultquist added. “Iran will carry out disruptive and destructive cyber attacks as well as complex information operations globally. We are especially wary of these actors as elections approach, given the aggressive posture Iran took in 2020, and we are expecting them and others to continue to harangue our elections moving forward.”

Related: Disruptive Cyberattacks on NATO Member Albania Linked to Iran

Related: Albania Hires US Company to Boost Cybersecurity After Data Leak

Related: NATO Condemns Alleged Iranian Cyberattack on Albania

Related: Albania Cuts Diplomatic Ties With Iran Over July Cyberattack

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.