top of page
Search
Writer's pictureStormsec

Iranian State Actors Conduct Cyber Operations Against the Government of Albania | CISA

In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. A FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber attack, which included a ransomware-style file encryptor and disk wiping malware. The actors maintained continuous network access for approximately a year, periodically accessing and exfiltrating e-mail content.

REFERENCE: https://www.cisa.gov/uscert/ncas/alerts/aa22-264a

ADVERSARY: HomeLand Justice

INDUSTRY: Government

TARGETED COUNTRY: Albania

ATT&CK IDS: T1140 - Deobfuscate/Decode Files or Information, T1562 - Impair Defenses, T1027 - Obfuscated Files or Information, T1547 - Boot or Logon Autostart Execution, T1059 - Command and Scripting Interpreter, T1486 - Data Encrypted for Impact, T1176 - Browser Extensions, T1021 - Remote Services


0 views

Comments


Commenting has been turned off.
bottom of page