US sanctions target Iran intelligence ministry over Albania cyberattack

The US says the Iranian ministry is behind the attack, which Tirana says mostly failed and caused no lasting damage.

The US Treasury has singled out one active Iranian group, dubbed "MuddyWater".

The US has announced sanctions on Iran's Ministry of Intelligence and Security and its minister Esmail Khatib, after Tehran was linked to an unprecedented cyberattack against Albania.

Iran allegedly carried out the cyber attack on July 15, seeking to paralyse public services and access data and communications in government systems, according to the Albanian government.

The US said that the intelligence ministry was behind the attack on its NATO ally. Tirana said the cyber attack mostly failed and caused no lasting damage.

"Iran's cyber attack against Albania disregards norms of responsible peacetime state behaviour in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public," Treasury Undersecretary Brian Nelson said on Friday.

The Treasury said the ministry directs several cyber-espionage, hacking and ransomware networks.

The Treasury singled out one active Iranian group, dubbed "MuddyWater," which it said has conducted cyber campaigns since 2018, exploiting foreign network vulnerabilities to steal sensitive data and deploy ransomware.

'We will not tolerate'

In addition to targeting infrastructure, the Iranian hackers were blamed for leaking documents from the government in Tirana and personal information on certain Albanians.

On Wednesday, Tirana broke diplomatic ties with Tehran over the cyber attack.

"We will not tolerate Iran's increasingly aggressive cyber activities targeting the United States or our allies and partners," Nelson said in a statement.

The sanctions seek to freeze any assets those designated might have under US jurisdiction and forbid any US individuals or companies — including international banks with US operations — to do business with them, a move aimed at blocking their access to global financial networks.
