A threat actor working to further Iranian goals is said to have been behind a set of damaging cyberattacks against Albanian government services in mid-July 2022.
Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a “geographic expansion of Iranian disruptive cyber operations.”
The July 17 attacks, according to Albania’s National Agency of Information Society, forced the government to “temporarily close access to online public services and other government websites” because of a “synchronized and sophisticated cybercriminal attack from outside Albania.”
The politically motivated disruptive operation, per Mandiant, entailed the deployment of a new ransomware family called ROADSWEEP that included a ransom note with the text: “Why should our taxes be spent on the benefit of DURRES terrorists?”
A front named HomeLand Justice has since claimed responsibility for the cyber offensive, with the group also allegedly claiming to have used wiper malware in the attacks. Although the exact nature of the wiper is unknown, Mandiant said an Albanian user submitted a sample of what's called ZeroCleare to a public malware repository on July 19, coinciding with the attacks.