The Parliament of Albania announced late Tuesday that it had been hit by a cyberattack, as a result of which some data from several user accounts belonging to administrative staff were deleted.
“A preliminary technical assessment indicates that this may have been a sophisticated cyberattack, aimed at deleting data and compromising some internal systems,” the Parliament said in a statement.
The Parliament did not disclose where the attack originated, but earlier in the day a hacker group identified as Homeland Justice claimed responsibility for the attack, stating on its Telegram account that “we will not let supporters of the MEK terrorists sleep peacefully for even a moment.”
MEK, or Mojahedin-e-Khalq, is an Iranian opposition group also known as the People’s Mojahedin Organization of Iran, which has been based in Albania for years.
Homeland Justice is a website with Russian reach that appeared before the cyberattacks on Albania’s state portal e-Albania in mid-July 2022.
According to an analysis by Microsoft, the website is linked to a group connected to the Iranian government, which was responsible for the cyberattack.
This hacker group has previously carried out several cyberattacks against institutions in Albania.
Monday’s cyberattack comes at a time when security concerns in Albania have increased after Iran launched retaliatory strikes in countries hosting U.S. military bases, following the United States and Israel’s bombing of Tehran on December 28.
In the past, Homeland Justice has published personal data of Albanian citizens and stated that the cyberattacks were linked to Albania’s decision to host the Iranian opposition at the Manza camp.
Meanwhile, initial investigations into the March 10 attack have shown that the institution’s main working infrastructure was not affected.
Authorities also said that the official website of the Albanian Parliament and other systems supporting the institution’s work continue to operate normally.
After the incident was detected, measures were taken to neutralize the attack, while technical teams are working to recover the deleted data from user accounts, the Parliament stated.
The hacker group also published some of the hacked documents on March 10.
The Parliament added that technical support has been provided by international partners, with whom communication continues to assess the situation and determine the next steps.
A joint technical and investigative team has also been established to identify the source of the attack and restore the affected data.
