Iran-linked cyberattack reportedly disrupts public services in Albania’s capital

A cyberattack by an Iranian hacker group disrupted multiple public services in Albania’s capital, Tirana, late last week, taking down the city’s official website and affecting local government operations, local media reported.

The group, known as Homeland Justice and previously linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), claimed responsibility for the breach, saying it had taken down the city’s official website, exfiltrated data and wiped servers. The hackers cited Albania’s hosting of the exiled Iranian opposition group Mujahideen-e-Khalq (MEK) as the motive for the attack.

The MEK, which has been based at a secured compound in Albania since 2013, has long strained relations between Tirana and Tehran and has made Albania a repeated target of Iranian-linked cyber operations.

Following the attack early Friday, municipal staff reportedly struggled to access internal systems and official emails. Local media said the disruption affected transportation services, the issuance of passports and licenses, and digital enrollment for kindergartens and nurseries.

Albania’s cybersecurity authority, AKSK, condemned the incident and said efforts were underway to restore affected systems. As of Monday, the municipal website remained offline.

Homeland Justice has previously claimed responsibility for attacks on Albania’s parliament, national airline, telecom firms and statistics agency.

In 2022, the U.S. sanctioned Iran’s primary intelligence agency over a similar attack that crippled Albanian government services. The U.S. cyber officials said Iranian-linked hackers had maintained access to Albania’s networks for over a year before launching the operation.

Iran’s Foreign Ministry has repeatedly denied involvement in cyberattacks against Albania and dismissed U.S. sanctions as “baseless.”

The attack comes amid heightened tensions in the Middle East, with Israeli and U.S. officials reporting increased activity from Iranian-affiliated groups. In recent weeks, Israeli cybersecurity authorities have blamed Tehran-linked hackers for phishing campaigns, DDoS attacks, and attempts to spread fake alert messages aimed at Israeli civilian systems. 

The U.S. Department of Homeland Security has also warned of potential retaliatory cyberattacks by Iranian-aligned actors following strikes on Iranian nuclear facilities.