top of page

Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Gov

Researchers identified the ROADSWEEP ransomware family and a Telegram persona which targeted the Albanian government in a politically motivated disruptive operation ahead of an Iranian opposition organization’s conference in late July 2022.

INDUSTRY: Government

TARGETED COUNTRIES: Saudi Arabia, Bahrain, Albania


ATT&CK IDS: T1059 - Command and Scripting Interpreter, T1553 - Subvert Trust Controls, T1560 - Archive Collected Data, T1574 - Hijack Execution Flow, T1547 - Boot or Logon Autostart Execution, T1053 - Scheduled Task/Job, T1127 - Trusted Developer Utilities Proxy Execution, T1561 - Disk Wipe, T1140 - Deobfuscate/Decode Files or Information, T1490 - Inhibit System Recovery, T1106 - Native API, T1566 - Phishing, T1573 - Encrypted Channel, T1056 - Input Capture, T1007 - System Service Discovery, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1033 - System Owner/User Discovery, T1055 - Process Injection, T1057 - Process Discovery, T1070 - Indicator Removal on Host, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1087 - Account Discovery, T1112 - Modify Registry, T1113 - Screen Capture, T1134 - Access Token Manipulation, T1489 - Service Stop, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1543 - Create or Modify System Process, T1569 - System Services

Read More:



Commenting has been turned off.
bottom of page