Albania, a small Balkan country with fewer than three million people, has been plunged into uncertainty by Iran’s massive cyberattack, one of the biggest assaults in Europe on a NATO member since 2007. The attack, which began with a stealthy penetration of government servers in 2021, but started causing visible disruption only last year, appears to be Albania’s sheltering of the Mujahedeen Khalq (M.E.K.), a secretive Iranian dissident group, on its soil. The attacks, which affected the government’s work and financial institutions, signaled the opening of a disruptive new front in the cyberwarfare, what Prime Minister Edi Rama calls “an aggression against the sovereignty of one country by another state.”
Albanian customers at one of its largest banks got a shock shortly before Christmas when a curt text popped up on their cellphones: “Your account has been blocked. The balance of your account is zero. Thank you.” The messages, which turned out to be fake, were just part of the attack that also involved the leak of a vast trove of confidential information, including the names and addresses of more than a thousand undercover police informants and the banking information for more than 30,000 people.
Hired by the Albanian government to investigate, Microsoft attributed the cyberattack with “high confidence” to “actors sponsored by the Iranian government” and identified M.E.K. as the “primary target.” The attack against Albania was probably “retaliation for cyberattacks Iran perceives were carried out by Israel” and M.E.K. The gravity of the sprawling assault posed a tricky test for NATO, of which Albania is a member and enjoys protection under the alliance’s commitment to collective defense.
The ultimate target of the attack seems reasonably clear. The attackers have been regularly denouncing M.E.K. as terrorists and demanding that Albania shut down a camp run by the group near the port city of Durres or face further mayhem. Former members describe M.E.K., which in 2016 moved many of its followers to Albania from its previous base in Iraq, as a sinister cult. The United States classified it as a terrorist outfit until 2012, but leaned on Albania to offer shelter to thousands of its members after their camp was attacked by Iraqi forces.
The polarized politics of Washington, where prominent Republican hawks on Iran have been strong backers of M.E.K., have also played a role in the cyberattack. The geopolitical battles involving Iran, Israel, and the United States have further complicated the situation. NATO has limited itself to pledges to “support Albania in strengthening its cyberdefense capabilities” and denouncing “malicious cyberactivities designed to destabilize and harm the security of an ally and disrupt the daily lives of citizens.”
Cyberattacks are a different form of aggression, and “events are running ahead of us when it comes to” them, said Prime Minister Edi Rama. Albania has not invoked Article 5, the cornerstone of the alliance, which says “an armed attack” against any of the allies in Europe or North America “shall be considered an attack against them all.” As the attack continues, Mr. Rama lamented, “This is a terrorist attack designed to create panic, to create fear, to fuel insecurity and to make people believe that nothing is under control. They have planted ticking bombs everywhere with no clear pattern about when and where these bombs will blow up next.”