US sanctions Iran’s intelligence office and its minister over Albania cyberattack

WASHINGTON — The US announced sanctions Friday on Iran’s Ministry of Intelligence and Security and its minister Esmail Khatib, after Tehran was identified as being behind an unprecedented cyberattack against NATO ally Albania.

Iran allegedly carried out the attack on July 15, seeking to paralyze public services and access data and communications in government systems, according to the Albanian government.

The US said that the intelligence ministry was behind the attack, which Tirana said mostly failed and caused no lasting damage.

“Iran’s cyberattack against Albania disregards norms of responsible peacetime state behavior in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public,” said Treasury Under Secretary Brian Nelson.

The Treasury said the ministry directs several cyber-espionage, hacking and ransomware networks.

The Treasury singled out one active Iranian group, dubbed “MuddyWater,” which it said has conducted cyber campaigns since 2018, exploiting foreign network vulnerabilities to steal sensitive data and deploy ransomware.

Today the new head of #Iran’s IRGC’s Intelligence Organization Mohammad Kazemi met with Intelligence Minister Esmail Khatib (see left). A change from the previous dynamic with Taeb (see right). 1/2 pic.twitter.com/f26GbOsNDv

— Jason Brodsky (@JasonMBrodsky) July 4, 2022

MuddyWater conducted a sustained cyber attack against Turkish government entities late last year, it said.

In addition to targeting infrastructure, the Iranian hackers were blamed for leaking documents from the government in Tirana and personal information on certain Albanians.

On Wednesday Albania broke diplomatic ties with Tehran over the cyberattack.

“We will not tolerate Iran’s increasingly aggressive cyber activities targeting the United States or our allies and partners,” Nelson said in a statement.

The sanctions seek to freeze any assets those designated might have under US jurisdiction and forbid any US individuals or companies — including international banks with US operations — to do business with them, a move aimed and blocking their access to global financial networks.