US Sends Cyber Team to Aid Albania's Cyber Defenses
Mission Helped Find Threats, Vulnerabilities in Albania's Critical Infrastructure
The United States sent its top cyber offensive team to NATO ally Albania to help secure the nation's critical infrastructure networks. The Cyber National Mission Force helped find cyberthreats and vulnerabilities on networks likely targeted last year by Iranian threat actors.
The U.S. Cyber National Mission Force's first-ever operation in Albania, called Hunt Forward, helped find "malicious cyber activity" and identify vulnerabilities on the country's critical networks, the Cyber Command said.
The technical findings of this exercise enabled the Albanian government to bolster its network defenses and provide the U.S. with "unique insights" about the adversary's tactics, techniques and procedures.
The United States dispatched the CNMF team to Albania after two cyberattacks. The first occurred in July and affected e-government services, and the second occurred in September and crippled the country's border crossing system (see: Albania Recovers From Second Iranian Cyberattack).
The second attack was a result of Albania severing diplomatic ties with Iran over the first cyberattack, which Prime Minister Edi Rama confidently attributed to Iran "without a shadow of doubt" (see: Albania Cuts Diplomatic Ties With Iran After Cyberattack).
The U.S. government also sanctioned Iran's Ministry of Intelligence and Security for the July cyberattack, stating: "We will not tolerate Iran's increasingly aggressive cyber activities targeting the United States or our allies and partners."
The U.S. Cybersecurity and Infrastructure Security Agency later revealed that the Iranian hackers who conducted both cyberattacks had a dwell period of over a year on Albanian networks before launching the targeted cyberattacks (see: Iranian Hackers Accessed Albania's Network for 14 Months).
Albania, a NATO member since 1994, had the opportunity to invoke Article 5 of the alliance, which meant that the entire NATO alliance, including the U.S., could have retaliated against Tehran, but the country decided against it and instead opted for improving its own cyber defenses.
The three-month mission was part of CNMF's Hunt Forward operation, which is restricted to defensive cyber operations, according to the U.S. Cyber Command. This team is only deployed to partner nations upon their request, and "CNMF operators sit side by side with partners and hunt for vulnerabilities, malware, and adversary presence on the host nation's networks."
Cyber Command and NSA chief Gen. Paul Nakasone earlier this month told the Senate Armed Services Committee that this exercise builds confidence between allies. The CNMF, formed in 2018, has deployed its top cyber soldiers 44 times to 22 countries and conducted operations on nearly 70 networks around the globe. The most notable operation was conducted in Ukraine just months before Russia's invasion (see: US Confirms It Has Provided Cybersecurity Support to Ukraine).
"The United States is committed to working with Albania on securing its digital future and ensuring that connectivity is a force for innovation, productivity and empowerment," said Nathaniel Fick, U.S. ambassador-at-large for cyberspace and digital policy.
CNMF's commander, U.S. Army Maj. Gen. William J. Hartman, lauded the joint operations and said, "This is what partnership looks like. It is a great example of like-minded nations working together in the face of reckless and irresponsible adversarial cyber activity. In an increasingly dynamic environment, we have a key asymmetric advantage that our adversaries don’t have: enduring partnerships like this one with Albania."