Israel condemns Iran for Albania cyberattack, additional threat groups discovered
Updated: Sep 15, 2022
“Iran continues to pose a clear and present threat to the peace and stability of the ME region and the entire world,” said Israel's MFA
Israel joined the US and NATO in “strongly condemning Iran’s malicious cyberattack against Albania,” an official tweet from the Ministry of Foreign Affairs said on Thursday. This took place one day after Tirana decided to sever diplomatic ties with Tehran over an Iran-linked cyberattack that took place in July and targeted Albanian government organizations, likely as part of Iran’s anti-dissident efforts.
“Iran must be held accountable for this unprecedented cyberattack that targeted Albania’s critical information infrastructure,” said the MFA. “Iran continues to pose a clear and present threat to (the) peace and stability of the ME region and the entire world.”
Of course, this official show of support did not appear out of thin air. As the resurrection of the Iran nuclear deal seems imminent, Israel has been engaged in tremendous diplomatic efforts to stop this from happening, or at least alter some of its articles.
Over the past few weeks, Israel’s top security leaders – from its National Security Advisor to the Minister of Defense and the Director of the Mossad – have visited Washington, DC, and Prime Minister Yair Lapid has spoken to several world leaders on the matter. This comes in addition to a media blitz and the constant echoing of the mantra that “Israel is not bound by any agreement” and reserves the right to self-defense, a not-so-subtle hint at its military capabilities.
Another aspect, of course, is the ongoing cyber war between Iran and Israel. In June, Israel’s Cyber Directorate chief, Gabi Portnoy, said “Iran has become our dominant rival in cyber, together with Hezbollah and Hamas” – its proxies in Lebanon and the Gaza Strip, respectively.
The Albania story, the first known instance of a country severing ties with another over a cyberattack, was far from the only time Iran’s cyber disruptions came into the spotlight last week.
A new blog post by Microsoft Security revealed the latest actions of an APT group named DEV-0270, or Nemesis Kitten – a sub-group of the infamous Iranian-linked PHOSPHORUS. According to the report, multiple ransomware campaigns and other malicious network operations have been tied to this group, which the security experts believe is operating on behalf of the government of Iran.
That same day, Mandiant released a report of its own, disclosing the operations of APT42, which it believes to be “an Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian government.”
According to the report, APT42 has been active since at least 2015 and has been employing spear phishing and social engineering techniques in over 30 confirmed targeted operations.
“The group has consistently targeted Western think tanks, researchers, journalists, current Western government officials, former Iranian government officials, and the Iranian diaspora abroad,” said the report, adding that APT42’s activity poses a threat to “foreign policy officials, commentators, and journalists, particularly those in the United States, the United Kingdom, and Israel, working on Iran-related projects.”
UPDATE: On Monday, Israel's Deputy Foreign Minister Idan Roll met with Albanian Foreign Minister Olta Xhacka, on the sidelines of a conference in Berlin. In a tweet, Roll said that he "expressed Israel's appreciation for Albania's decision to sever diplomatic ties with Iran, and offered to share our knowledge and experience in cyber defense."