White House Attributes Attack on Albania’s Critical Infrastructure to Iran 

traffic_analyzer/Getty Images

A statement from the National Security Council noted the potential for deviations from international norms to escalate conflict and promised accountability.

Iran is responsible for a cyberattack on Albania that has destroyed government data and impeded the U.S. ally’s public services, according to a statement from the National Security Council.

“The United States strongly condemns Iran’s cyberattack against our [North American Treaty Organization] ally, Albania,” NSC Spokesperson Adrienne Watson said Wednesday. “We join in Prime Minister Rama’s call for Iran to be held accountable for this unprecedented cyber incident. The United States will take further action to hold Iran accountable for actions that threaten the security of a U.S. ally and set a troubling precedent for cyberspace.”

Watson said U.S. officials have been on the ground for weeks working with private-sector partners to mitigate the impacts of and recover from the July 15 attack which led Albania to sever diplomatic ties with Iran. The attack effectively targeted government agencies, destroying data and disrupting public services, according to the statement. 

“We have concluded that the government of Iran conducted this reckless and irresponsible cyberattack and that it is responsible for subsequent hack and leak operations,” Watson said. “Iran’s conduct disregards norms of responsible peacetime state behavior in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public.” 

The statement echoed an approach to U.S. cybersecurity policy that started in the Obama administration which puts certain cyber activity—such as attacks on “critical infrastructure” and the theft of intellectual property—off limits for nation-state actors. After the Ransomware attack on Colonial Pipeline, President Joe Biden met with Russia’s Vladimir Putin to stress the applicability of the policy to criminal groups that operate as state proxies.  

“Albania views impacted government networks as critical infrastructure. Malicious cyber activity by a state that intentionally damages critical infrastructure or otherwise impairs its use and operation to provide services to the public can have cascading domestic, regional and global effects; pose an elevated risk of harm to the population; and may lead to escalation and conflict,” Watson said. “We will continue to support Albania’s remediation efforts over the longer-term, and we invite partners and Allies to join us in holding malicious cyber actors accountable and building a secure and resilient digital future.”