In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. An FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber attack, which included a ransomware-style file encryptor and disk wiping malware. The actors maintained continuous network access for approximately a year, periodically accessing and exfiltrating e-mail content.
REFERENCE: https://www.cisa.gov/uscert/ncas/alerts/aa22-264a
ADVERSARY: HomeLand Justice
INDUSTRY: Government
TARGETED COUNTRY: Albania
ATT&CK IDS: T1140 - Deobfuscate/Decode Files or Information, T1562 - Impair Defenses, T1027 - Obfuscated Files or Information, T1547 - Boot or Logon Autostart Execution, T1059 - Command and Scripting Interpreter, T1486 - Data Encrypted for Impact, T1176 - Browser Extensions, T1021 - Remote Services