The Mujahedeen-e Khalq (People’s Mujahedeen Organization) of Iran is an armed political group that seeks to overthrow the Government of the Islamic Republic of Iran. The organization spawned out of the Freedom Movement in Iran and worked with other opposition groups to depose Shah Mohammad Reza Pahlavi. They helped accomplish this goal in 1979 during the Iranian revolution but refused to agree to the terms of the Iranian Islamic Republic Referendum. Their strong feminist views quickly put them at odds with many of the other groups that supported the revolution, and the government outlawed them shortly after the revolution. The MEK found a new home in Iraq and supported Saddam Hussein in his war against Iran in 1980 to 1988. They continued to launch terrorist attacks against Iran from their base in Iraq until 2003 when the American military seized their compound during Operation Iraqi Freedom and renamed it Camp Fallujah. The MEK surrendered to American forces in the beginning of the war, and the United States relocated them to different Army camps in Iraq until finally settling them in Albania in 2016. 

The MEK planned to host a Free Iran World Summit in Albania in late July 2022 to connect with other groups who opposed the Islamic Republic of Iran. Before they could meet, however, the Albanian government discovered evidence of Iranian terrorist threats to the conference. That wasn’t the end of it, however. Iranian hackers launched a series of cyber attacks against Albanian government websites and internet based public services on July 15^th, a week before the start of the Free Iran World Summit. Microsoft attributed these activities to at least four different actors that are all associated with ‘Europium’, a hacking group that is linked to Iran’s Ministry of Intelligence and Security. 95% of Albania’s government services are entirely online, and this created a large attack surface for these malicious cyber actors to exploit.

The cyber attacks were so effective that Albania strongly considered invoking article 5 of the NATO charter, which would require all member nations to come to their defense. No NATO member nation has ever invoked Article 5 over a cyber attack. Estonia came close to declaring it after the Russians shut down their internet in 2012 but ultimately decided against it. They may have been unsure how NATO would respond. Article 5 declarations are not common after all. The first and only time a NATO nation invoked the mutual defense pact was after the terrorist attacks against the United States on September 11, 2001. The heads of North Atlantic Council met in Wales in 2014 and acknowledged that a cyber attack could justify a request for mutual defense, but it wasn’t very clear on criteria is required for an Article 5 declaration. NATO reaffirmed their commitment to defending member nations against cyber attacks at the Warsaw Summit in 2016, and the Brussels Summit in 2021. In both instances, however, they did not define what kind of cyber attack would elicit a military response. The MEK canceled their summit, but this didn’t stop Iran from launching another attack against the Albanian government in September.