Albania cuts Iran ties over cyberattack, U.S. vows further action

cyberattack

TIRANA, Sept 7 (Reuters) - Albania severed diplomatic relations with Iran on Wednesday and kicked out its diplomats after a cyberattack in July it blamed on the Islamic Republic, a move Washington supported as it vowed to take action in response to the attack on its NATO ally.

Albania ordered Iranian diplomats and embassy staff to leave within 24 hours.

"The government has decided with immediate effect to end diplomatic relations with the Islamic Republic of Iran," Prime Minister Edi Rama said in a video statement.

"This extreme response ... is fully proportionate to the gravity and risk of the cyberattack that threatened to paralyse public services, erase digital systems and hack into state records, steal government intranet electronic communication and stir chaos and insecurity in the country," Rama said.

There was no immediate comment from the Iranian Embassy in Tirana. There were no police units around the Iranian embassy premises in Tirana.

The United States said it concluded after weeks of investigation that Iran was behind the "reckless and irresponsible" July 15 cyberattack.

"The United States will take further action to hold Iran accountable for actions that threaten the security of a U.S. ally and set a troubling precedent for cyberspace," the White House National Security Council said in a statement.

TENSE RELATIONS SINCE 2014

Albania and Iran have had tense relations since 2014, when Albania accepted some 3,000 members of the exiled opposition group People's Mujahideen Organization of Iran, also known by its Farsi name Mujahideen-e-Khalq, who have settled in a camp near Durres, the country's main port.

U.S. Cybersecurity firm Mandiant, which noted the hacking activity in a blog post earlier this month, said the group - which had ties to Iran - deployed a complex attack which used malicious data-wiping software against Iranian dissidents.

"This is possibly the strongest public response to a cyberattack we have ever seen,” John Hultquist, Vice President of Intelligence at Mandiant, said in an emailed statement. “While we have seen a host of other diplomatic consequences in the past, they have not been as severe or broad as this action”.

The move comes days after NATO member state Montenegro blamed a criminal group called Cuba Ransomware for a digital attack on its government infrastructure which officials there described as unprecedented.

"Even though the incidents are probably unrelated, regular disruptions to government infrastructure are an alarming trend,” Hultquist said.

Albania has previously said it had foiled several planned attacks by Iranian agents against the Iranian opposition group.

"The in-depth investigation provided us with indisputable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran through the engagement of four groups that enacted the aggression," Rama said.

The U.S. government has been on the ground for weeks with private sector partners to investigate and help Albania recover from the attack that destroyed government data and disrupted public services, the White House said.

"We have concluded that the Government of Iran conducted this reckless and irresponsible cyberattack and that it is responsible for subsequent hack and leak operations," it said.

The United States called the attack unprecedented because it said it violated the peacetime norm of not damaging critical infrastructure that the public relied on.