top of page

Iranian State Actors Conduct Cyber Operations Against the Government of Albania | CISA

In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. A FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber attack, which included a ransomware-style file encryptor and disk wiping malware. The actors maintained continuous network access for approximately a year, periodically accessing and exfiltrating e-mail content.


ADVERSARY: HomeLand Justice

INDUSTRY: Government


ATT&CK IDS: T1140 - Deobfuscate/Decode Files or Information, T1562 - Impair Defenses, T1027 - Obfuscated Files or Information, T1547 - Boot or Logon Autostart Execution, T1059 - Command and Scripting Interpreter, T1486 - Data Encrypted for Impact, T1176 - Browser Extensions, T1021 - Remote Services

bottom of page