Iran-Linked Hackers Reportedly Targeted Albanian Parliament Email System

The breach underscores a growing pattern of Iranian cyber‑operations that extend beyond the Middle East into the Balkans. Tehran‑aligned groups such as Homeland Justice operate as proxy actors, leveraging sophisticated phishing and credential‑harvesting tools to infiltrate government networks. Over the past four years, Albania has endured multiple intrusions, including the 2022 wave that forced the country to sever diplomatic ties with Iran. These campaigns are often timed with regional tensions, using cyber‑espionage to gather political intelligence, influence public discourse, and pressure neighboring states aligned with Western alliances.

Albania’s National Cyber Security Authority responded swiftly, convening a dedicated working group to contain the incident and assess the scope of the breach. Technical teams performed on‑site examinations, while the agency heightened vigilance across critical information infrastructures. The alleged exfiltration of emails from senior lawmakers—later posted on Telegram—exposes vulnerabilities in parliamentary communications and risks eroding public confidence in democratic institutions. By publicizing the response, the authority aims to deter further attacks and reassure both domestic stakeholders and international partners of its resilience.

The episode highlights the urgent need for coordinated cyber‑defence mechanisms within the European Union and NATO. Balkan nations, often perceived as peripheral, are increasingly attractive targets for state‑sponsored actors seeking strategic footholds. Strengthening information‑sharing protocols, investing in advanced threat‑intelligence platforms, and conducting joint cyber‑exercises can mitigate the risk of similar incursions. For businesses operating in the region, adopting zero‑trust architectures and regular phishing simulations will be essential to safeguard sensitive data against evolving Iranian‑linked threat groups.