Taking cyberattacks seriously: the (likely) Albanian cyber aggression and the Iranian responsibility.
Annita Larissa, Sciacovelli
2023-01-01
Abstract
The aim of this paper is to analyse the likely cyber aggression against Albania launched in July and September 2022 by two groups of cyber criminals, presumably acting from the Islamic Republic of Iran. The Author starts from an examination of the forensic activity used to attribute these attacks. The first part of the examination deals with technical attribution: it looks for the digital evidence of the attacks in order to attribute them to the Iranian criminal group. The second part deals with the use of the technical attribution to conduct the legal attribution, that is, to declare the responsibility of the Iranian State. That responsibility can be articulated as responsibility i) for ordering a cyber-attack that has reached the threshold of the prohibition of force under Article 2, par. 4, of the United Nations Charter, or ii) for violating the international law principle of due diligence, because Iran ultimately did not prevent the attacks from being conducted from the digital infrastructure on its territory. The latter solution seems preferable based on the open-source digital evidence. Lastly, the article sheds light on the role of private security tech companies, like Mandiant and Microsoft, in attribution: they perform government-like roles, as they possess the investigative technologies that States need, but without the checks and balances and public constraints that usually apply to national intelligence systems.

File | Type | License | Size | Format |
---|---|---|---|---|
Working - Paper 1-23_Sciacovelli.pdf (not available) | Published version | NOT PUBLIC - Private/restricted access | 540.84 kB | Adobe PDF |

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.