The US Treasury Department imposed sanctions on Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for their role in the July cyber attack against Albania, a NATO member state that is a close ally of the US.
Unbeknownst to some, the MOIS has been under scrutiny for years.
"Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector organizations around the world and across various critical infrastructure sectors," the Treasury Dept's Office of Foreign Assets Control (OFAC) said.
"In July 2022, cyber threat actors assessed to be sponsored by the Government of Iran and MOIS disrupted Albanian government computer systems, forcing the government to suspend online public services for its citizens."
Following the attack, Prime Minister Edi Rama severed diplomatic ties with Iran and ordered all embassy staff to leave within 24 hours. Iran also faced criticism for its “reckless cyber attacks” from the US government, NATO, and the UK.
The US Cyber Command had previously officially linked the Iranian-backed MuddyWatter threat group to MOIS. The MOIS has also been associated with APT39, an Iranian cyber-espionage group that is known to have conducted surveillance operations aligned with Iranian interests since November 2014.
An EDR buyer's guide
How to pick the best endpoint detection and response solution for your business
"Iran's cyber attack against Albania disregards norms of responsible peacetime State behavior in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public," said Brian E. Nelson, the Treasury's Under Secretary for Terrorism and Financial Intelligence.
"We will not tolerate Iran's increasingly aggressive cyber activities targeting the United States or our allies and partners,” added Nelson.
