Cyber activists have discovered that the app MojDoktor [My Doctor], used for booking health appointments and connecting Serbian health centres with the integrated health information system, had been exploited for almost three years. The compromise extended to several email servers belonging to a local health centre, which were abused to send spam and phishing messages and to distribute malware.
Most cases in the past three years were reported to the Special Prosecution Office for High Tech Crime and Organised Crime. However, the perpetrators often remain unidentified, and cases that end in a court verdict are few.
Series of cyber intrusions shakes Albania
Albania has faced several cyberattacks that have targeted its key institutions and businesses. These attacks have caused significant disruptions and raised concerns about cybersecurity.
Methodology Used in the Research
To explore the intricate world of BDI and cybersecurity in the Balkan region, this research adopted a qualitative approach using mixed methods: a desk review of relevant studies and reports, interviews with staff of IT departments in public companies and institutions, and a case study research design. This methodology is suited to developing a deep understanding of the complex relationship between cybersecurity and BDI in the Balkan region.

A multifaceted data collection approach was employed, combining document analysis with case study examination. The researchers first conducted a literature review of government and NGO reports, news articles, and industry reports.

Secondly, the researchers collated data on notable cyberattacks targeting the Balkan region's BDI systems into a database and interviewed IT employees. The selected case studies offered valuable insights into cyberattacks on critical infrastructure, public institutions and servers, and revealed large data breaches and leaks.

To analyze the data, the report relied on qualitative content analysis and comparative analysis of cyberattack incidents across five Balkan countries. The research also relied on triangulation, a technique used in mixed-methods research to enhance validity and reliability by cross-checking data from different sources.
One notable incident occurred on January 30, 2023, when Air Albania, a prominent airline company, fell victim to a cyberattack. The attackers, identified as the LockBit ransomware group, claimed they infiltrated Air Albania’s online infrastructure to extort a ransom. They claimed to have stolen and encrypted the company’s data, demanding payment for its release.
The ransom notice was displayed on the LockBit group’s Dark Web Tor Blog page. Despite the attack, Air Albania assured the public that its data remained secure and that system updates were being implemented. The company did not comment further on the incident.
Another significant cyber incident involved Credins Bank, one of Albania’s largest financial institutions. On December 23, 2022, Credins Bank had to suspend its online services due to a cyberattack orchestrated by the Homeland Justice group. The attackers claimed they targeted the bank in response to the Albanian government’s support for the Iranian opposition group, MEK.
In a concerning development, Homeland Justice shared documents allegedly obtained from the bank on one of its Telegram channels. The bank did not confirm the authenticity of the leaked archive, titled "ALLAccountsCustomers.zip," but cautioned against its circulation.
The Albanian Police Supervisory Agency also faced a cyber threat. On September 21, 2021, the agency reported an attempted attack on its servers. The attack was successfully blocked, and the agency stated that no data had been stolen.
The most significant cyber incident to date in Albania occurred on July 15, 2022, when the government's centralized e-services system was breached. The breach affected several parts of the government's infrastructure and resulted in the gradual leakage of sensitive information over several months.
The attackers, masquerading as the Homeland Justice group on social network accounts, exposed emails belonging to the State Police director and a list of employees from the secret services.
Microsoft Threat Intelligence investigations revealed that the initial access to the system occurred in May 2021 through a vulnerability in a SharePoint Server. By July 2021, the attackers had fortified their access using a misconfigured service account. Ransomware and wiper malware were employed to achieve their objectives.
Microsoft and the FBI suggested that Iran might be behind the attack, leading Albania to sever diplomatic relations with Iran as a response. Iran has denied involvement, but Albania believes Tehran was responsible due to its decision to grant refuge to an Iranian opposition movement that is considered a terrorist group by the Iranian government.
These cyber incidents in Albania highlight the growing threat of cybercrime and the need for enhanced cybersecurity measures to protect critical infrastructure and businesses. The attacks have not only caused disruptions but also strained diplomatic relations. Albania’s government and institutions must remain vigilant and collaborate with international partners to strengthen their cybersecurity defences and mitigate future risks.
Journalists involved in conducting this research are Igor Ispanovic, Azem Kurtic, Gjergj Erebara, Xheneta Murtezaj, and Bojan Stojkovski.