This article was firstly published by Faktoje.al, a fact-checking organization in Albania, as part of the regional initiative Western Balkans Anti-Disinformation Hub. An edited version is republished by the Global Voices, with their permission.
Albania's Prime Minister Edi Rama went to Brussels for the first intergovernmental conference with the EU, on July 19, 2022, at a time when the websites and services of public institutions were facing a cyber attack, which, according to the National Agency of Information Society, started on the afternoon of Friday July 15.
Albanians were unable to use scores of government services as the main servers went down. Asked in Brussels if Russia is behind the attack, Rama said he could not say whether or not Russia was part of this game. After returning from Brussels, Prime Minister Rama stated in a press conference on July 21 that strong suspicions fall on two states, but did not mention any names:
“We still don't have all the evidence to determine one of the two strongly suspected countries, I hope we will do it in the future, this is the most delicate part of the investigation.”
Rama clarified in July that the attack has finally been repelled and, meanwhile, the services for the public on the e-Albania platform have returned en masse.
Cybersecurity expert, Besmir Semanaj, tells Faktoje that this is a well-organized and well-sponsored attack by a state hostile to Albania. “Definitely the steps towards European integration and being part of NATO is one of the main causes”, he says.
Almost two months later, Microsoft, which was engaged by the Albanian government to lead an investigation into the attacks, said that Iran was behind them:
Microsoft assessed with high confidence that on July 15, 2022, actors sponsored by the Iranian government conducted a destructive cyberattack against the Albanian government, disrupting government websites and public services. At the same time, and in addition to the destructive cyberattack, MSTIC assesses that a separate Iranian state-sponsored actor leaked sensitive information that had been exfiltrated months earlier.
The Albanian government, on September 7, gave the Iranian embassy's staff 24 hours to leave the country over the major cyberattack that they blame on Iran. It is the first known case of a country cutting diplomatic relations over a cyberattack. The diplomatic staff complied.
Cyberattacks across the Western Balkans
The countries of the Western Balkans have in the past been attacked by hackers, who have tried to suspend the online work of public institutions. On February 26, the Ministry of Internal Affairs of Kosovo announced that a large-scale “phishing” attack took place, but that it did not block information or data.
Although, in these last two years, North Macedonia has had several sporadic cases of cyber attacks, what is considered as the most severe in the country is the (DDoS) attack of July 15, 2020. It was election day and the public was waiting for the results. The official website of the State Election Commission was blocked immediately after the polling stations were closed. It was initially thought to be a minor technical problem, but the election results were nowhere to be found on the website, with the commission forced to manually announce the latest updates on a YouTube channel.
“We have to understand that nowadays, cyberattacks have become something normal that we have to live with every day. Not only Kosovo and Albania, but a large number of the countries are under cyber attacks. The reasons can range from political and blackmailing to monetary gain,” says cyber security expert Besmir Semanaj.
Over the past few years, the Western Balkan countries have made significant efforts to strengthen the region's cyber resilience, says EU Cybernet, an EU-funded project. The Brussels Cyber Security Strategy for the Digital Decade (2020) states that the Western Balkans is a focus area for building the EU's cyber capacity.
At the Western Balkans Digital Security Forum held in June in Tallinn, Estonia, it was emphasized that trust in digital transformation and electronic services is built entirely on security and data protection. Since cyber threats, by nature, rarely affect only one organization at a time, preventing and responding to cyber incidents becomes difficult unless there are dedicated teams equipped with the right tools and processes.