{"id":14305,"date":"2022-10-01T11:01:58","date_gmt":"2022-10-01T07:31:58","guid":{"rendered":"https:\/\/www.nejatngo.org\/en\/?p=14305"},"modified":"2022-10-01T11:20:59","modified_gmt":"2022-10-01T07:50:59","slug":"albania-caught-in-the-crossfire-of-cyber-conflict","status":"publish","type":"post","link":"https:\/\/www.nejatngo.org\/en\/posts\/14305","title":{"rendered":"Albania Caught in the crossfire of cyber conflict"},"content":{"rendered":"<p>The recent cyberattack on Albania by Iran highlights the intensification of conflict within cyberspace.<\/p>\n<p>Earlier this month the \u201cstrongest public response to a cyberattack\u201d was witnessed when Albania severed diplomatic relations with Iran over its role in the devastating cyberattacks against Albania\u2019s government infrastructure. This cascading incident highlights the vast differences in nation-state capabilities and defences within cyberspace, and how offensive cyber operations can devastate those nations caught in the middle.<\/p>\n<p>On 17 July 2022, Albania was hit by a series of cyberattacks that targeted public services and government websites. The attack, claimed by \u2018HomeLand Justice\u2019, employed a new ransomware family, ROADSWEEP, and a new variant of a wiper malware, ZEROCLEAR. Since Albania is a NATO member, and these attacks are happening during Russia\u2019s ongoing invasion of Ukraine, the local media speculated that Russia was the culprit.<\/p>\n<p>This speculation faded quickly after a US cyber threat intelligence firm, Mandiant, attributed the cyberattack and the \u2018HomeLand Justice\u2019 group to Iran. Their analysis was aided by the imagery used on the \u2018HomeLand Justice\u2019 group\u2019s Telegram channel. 
Iran had posted a banner image which depicted an eagle swooping down on a smaller bird within the Star of David.<\/p>\n<div id=\"attachment_14306\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><img fetchpriority=\"high\" decoding=\"async\" aria-describedby=\"caption-attachment-14306\" class=\"wp-image-14306 size-full\" src=\"https:\/\/www.nejatngo.org\/en\/wp-content\/uploads\/ORF-Cyber-1.jpg\" alt=\"ORF online on Albania Cyber attack\" width=\"600\" height=\"314\" srcset=\"https:\/\/www.nejatngo.org\/en\/wp-content\/uploads\/\/ORF-Cyber-1.jpg 600w, https:\/\/www.nejatngo.org\/en\/wp-content\/uploads\/\/ORF-Cyber-1-300x157.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><p id=\"caption-attachment-14306\" class=\"wp-caption-text\">Source: Mandiant<\/p><\/div>\n<p>The smaller bird\u2014a character from the Angry Birds franchise\u2014seemed innocuous but provided analysts with a clear link to Iran. John Hultquist, Vice President, Mandiant Threat Intelligence, explained that the smaller bird had been claimed by \u2018Predatory Sparrow\u2019, a threat actor that has conducted offensive cyber operations against Iran.<\/p>\n<div id=\"attachment_14307\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-14307\" class=\"size-full wp-image-14307\" src=\"https:\/\/www.nejatngo.org\/en\/wp-content\/uploads\/ORF-Cyber-2.jpg\" alt=\"ORF online on Albania Cyber attack\" width=\"600\" height=\"366\" srcset=\"https:\/\/www.nejatngo.org\/en\/wp-content\/uploads\/\/ORF-Cyber-2.jpg 600w, https:\/\/www.nejatngo.org\/en\/wp-content\/uploads\/\/ORF-Cyber-2-300x183.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><p id=\"caption-attachment-14307\" class=\"wp-caption-text\">Source: Mandiant<\/p><\/div>\n<p>In fact, since July 2021, the \u2018Predatory Sparrow\u2019 threat actor has been conducting measured, destructive, and disruptive cyber operations against Iran. 
Their offensive cyber operations disrupted rail services, cut off fuel distribution, and even destroyed a steel plant affiliated with the Iranian Revolutionary Guard Corps.<\/p>\n<p>There\u2019s no clear evidence to suggest that Albania\u2019s government had a role in \u2018Predatory Sparrow\u2019s operations, yet Iran deemed them a fair target in responding against \u2018Predatory Sparrow\u2019s actions. The prevailing theory, supported by a new report from Microsoft, suggests that \u2018Predatory Sparrow\u2019 is linked to the exiled Iranian opposition group, the Mujahedin-e-Khalq (MeK) which operates out of Albania and Israel. This is further supported by terrorist threats that cancelled a planned MeK conference in Albania.<\/p>\n<p>Given \u2018Predatory Sparrow\u2019s year-long destructive cybercampaign, Iran was justifiably itching to respond. Albania, regarded by Iran as a \u201csafe haven\u201d for the MeK, is more of an \u2018unwitting conspirator\u2019 than a knowing participant in this ongoing cyber conflict. Albania is considered to be the \u201cfifth largest source of cybercrime in Europe\u201d, which only recently took steps to develop a cybercrime centre, and received 18 million euros in November 2021 to establish a cyber military force. After a massive leak of citizen data in December 2021, Albania brought in US firms to bolster its cyber defences.<\/p>\n<p>Even though Albania lacked proper cyber defences, it is a member of NATO. The military alliance has been reinvigorated, following Russia\u2019s invasion of Ukraine and in February 2022, it reaffirmed that a cyberattack on a NATO member state could trigger Article 5\u2014the alliance\u2019s collective defence clause, last activated by the US after the 9\/11 terror attacks. 
However, NATO has since declined to clarify what threshold a significant cyberattack (or \u201can accumulation of smaller ones\u201d) would need to cross for an Article 5 decision.<\/p>\n<p>Declaring Article 5 is a political decision, much like a declaration of war. One is inclined to speculate whether Albania\u2019s fellow NATO members, actively engrossed with the Russian invasion, sought to avoid sparking a \u2018second front\u2019 in the Middle East. Albania opted against Article 5, despite the disruption and destruction of its government services and systems, and chose to cut diplomatic ties with Iran. This move did little to deter Iran from conducting yet another offensive cyber operation against Albania\u2019s border system.<\/p>\n<p>What has been unfolding is a perfect case of a comprehensive conflict within cyberspace. The most noteworthy observation is the difference in the playing field between sophisticated cyber actors and other countries.<\/p>\n<p>Those countries that have been on the receiving end of cyber action or cyber-enabled espionage have gone on to develop both their offensive and defensive capabilities. They often take a traditional military posture that favours strengthening offensive capabilities over defensive capabilities; Iran is a prime example of this.<\/p>\n<p>On the defensive side, the US has been dealing with offensive cyber action and cyber-enabled espionage from Iran, North Korea, China, and Russia for more than 15 years. NATO members such as the United Kingdom (UK), France, Canada, and Germany have grown to deal with similar threats\u2014albeit within a smaller timeframe. 
To defend their economies and societies, these nations have spent billions in growing a cybersecurity industry and building defenses against offensive cyber operations.<\/p>\n<p>Escalation in cyber conflict<br \/>\nIronically, this conditioning (building capacity, developing resilience, and strengthening response times) has likely contributed to the intensification of cyber events that this author and Jason Healey, a Senior Research Scholar at Columbia SIPA, alluded to in December 2021.<\/p>\n<div id=\"attachment_14308\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-14308\" class=\"size-full wp-image-14308\" src=\"https:\/\/www.nejatngo.org\/en\/wp-content\/uploads\/ORF-Cyber-3.jpg\" alt=\"ORF online on Albania Cyber attack\" width=\"600\" height=\"395\" srcset=\"https:\/\/www.nejatngo.org\/en\/wp-content\/uploads\/\/ORF-Cyber-3.jpg 600w, https:\/\/www.nejatngo.org\/en\/wp-content\/uploads\/\/ORF-Cyber-3-300x198.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><p id=\"caption-attachment-14308\" class=\"wp-caption-text\">Source: CCDCOE<\/p><\/div>\n<p>Cyber events are now routinely crossing thresholds that would have been viewed as increasingly risky 20 years ago. The result is that offensive cyber operations are now manageable for countries such as the US but are now catastrophic for smaller countries that are thrust into the cyber conflict space. The potential scale of this effect likely makes smaller countries ideal targets for sophisticated actors looking to demonstrate their capabilities. 
Iran appears to have stronger evidence on Israel\u2019s role in the \u2018Predatory Sparrow\u2019 campaign (the two countries have been exchanging attacks for years) but opted to attack Albania\u2019s government for harbouring the MeK\u2014using the disruptive incident to send a message to Iran\u2019s enemies.<\/p>\n<p>This incident is chilling because it shows the spread of sophisticated cyber capabilities, and the growing intent to conduct such operations. Most theories around cyber conflict have kept the US as a key player in such conflicts\u2014\u2018Predatory Sparrow\u2019 and Iran\u2019s response have shown that this is outdated.<\/p>\n<p>The US does continue to play a tremendous role in how cyberspace is shaped. Over several years, it has taken great strides in developing its cyber policy and responses, both domestically and internationally. The US government was first to support Albania\u2019s diplomatic decision against Iran, was quick to sanction Iranian officials over the incident, and US firms and law enforcement have been involved in the initial incident response and capacity development. However, the US continues to make cyberspace an increasingly \u2018quintuply dangerous\u2019 area of conflict with its 2018 National Cyber Strategy.<\/p>\n<p>The US\u2019 military has an inherently offence-oriented posture with its \u2018Persistent Engagement\u2019 strategy and \u2018Hunt Forward\u2019 operations continuing to escalate tensions within cyberspace. These actions are achieved by infiltrating and confronting adversaries within their own networks. 
These operations can be conducted using networks belonging to the US\u2019 allies (with and without consent) which could mislead counter-cyber operations.<\/p>\n<p>Whether intentional or not, the US\u2019 policies serve as a benchmark that is subsequently modified for individual countries. For adversaries, these policies are intended to confuse and confound any hope of attribution. This pushes adversaries to look for smaller, less cyber-capable countries that can be made an example of. Such efforts are only making cyberspace more dangerous.<\/p>\n<p>VIRPRATAP VIKRAM SINGH &#8211; orfonline<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The recent cyberattack on Albania by Iran highlights the intensification of conflict within cyberspace. Earlier this month the \u201cstrongest public response to a cyberattack\u201d was witnessed when Albania severed diplomatic&hellip;<\/p>\n","protected":false},"author":2,"featured_media":14309,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[667],"tags":[680],"module":[81],"ctype":[17],"blog":[109],"class_list":["post-14305","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-albania","tag-mko-members-in-albania","module-article","ctype-story","blog-western-bloggers"],"_links":{"self":[{"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/posts\/14305","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/comments?post=14305"}],"version-history":[{"count":0,"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/posts\/14305\/revision
s"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/media\/14309"}],"wp:attachment":[{"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/media?parent=14305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/categories?post=14305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/tags?post=14305"},{"taxonomy":"module","embeddable":true,"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/module?post=14305"},{"taxonomy":"ctype","embeddable":true,"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/ctype?post=14305"},{"taxonomy":"blog","embeddable":true,"href":"https:\/\/www.nejatngo.org\/en\/wp-json\/wp\/v2\/blog?post=14305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}