U.S. Helps NATO Ally Albania Combat Iranian Cyberattacks

Latest Developments

American cyber forces concluded a three-month deployment to Albania to aid its government after an Iranian cyberattack, U.S. Cyber Command announced on Thursday. At the request of its NATO ally, American personnel helped their counterparts expel hackers in their networks and used the technical findings to shore up U.S. defenses. Tehran’s cyberattacks on Albanian government systems occurred last summer in what the Biden administration called an “unprecedented cyber incident.”

Expert Analysis

“U.S. Cyber Command’s ‘hunt forward’ operations increase the resilience of critical allied networks. Sitting side-by-side with foreign counterparts, U.S. personnel help America’s emerging allies and partners observe, identify, and root out malicious activity. Countering America’s authoritarian adversaries in cyberspace requires imposing costs on attackers and proactively strengthening defense. Hunt forward operations are a critical component of the latter.” — RADM (Ret.) Mark Montgomery, Senior Director of FDD’s Center on Cyber and Technology Innovation and FDD Senior Fellow

“The Biden administration pledged to hold Iran accountable for its ‘reckless and irresponsible’ cyberattacks on Albania. The administration imposed sanctions, issued indictments, and published alerts about Iranian threats. While these activities provide actionable information to defenders and demonstrate America’s ability to definitively attribute cyberattacks, they have had limited if any effect on Iran’s behavior. Strengthening allied defenses, however, can render Iran’s attempted attacks meaningless.” — Annie Fixler, Director of FDD’s Center on Cyber and Technology Innovation

Iranian Attacks on Albania

When Tehran launched cyberattacks in July, the hackers claimed to be Albanian citizens upset with their government’s decision to provide refuge to roughly 3,000 members of the Iranian dissident group Mujahedeen-e-Khalq. Forensic investigations by the FBI, U.S. cybersecurity firms, and foreign partners, however, revealed that Iranian hackers had compromised Albanian networks 14 months prior. The July attack destroyed government data and disrupted public services. After Albania severed diplomatic ties in September, the cyberattacks only escalated.

U.S. Cyber Deployments Assist Partners

The operation in Albania was “very effective,” said the Albanian government, indicating a desire to continue bolstering cyber cooperation with Washington. At a conference alongside European, Central Asian, and Israeli officials last month, the two nations pledged $50 million for cyber defense. Last year, after a similar deployment in Vilnius, the Lithuanian deputy minister of national defense said that operation “provided a lot of valuable knowledge.” Gen. Paul Nakasone, commander of U.S. Cyber Command, told the Senate Select Committee on Intelligence earlier this month that U.S. efforts to bolster Ukrainian cyber defenses prior to the Russian invasion have worked.

Cyber Capacity-Building Strengthens U.S. Defenses

Since 2018, U.S. Cyber Command has conducted 44 overseas deployments with allies and partners, including 16 in the past 10 months. These missions help other nations better defend themselves and fend off cyberattacks that could spread to U.S. networks. They also bring U.S. operators “closer to adversary activity,” helping America “better understand and then defend” itself from these adversaries, explained U.S. Army Maj. Gen. William J. Hartman, commander of U.S. Cyber National Mission Force, on Thursday. U.S. Cyber Command also shares the information it gleans with other nations and the private sector. Exposing the techniques of America’s adversaries helps defenders thwart attacks.