No-Justice wiper massively crashes Albanian computers

Brother

Information security experts blame Iranian hackers for attacks and equipment damage.

Recently, Albanian organizations have faced a prolonged series of cyber attacks. Responsibility for this lies with the Iranian group Homeland Justice, which has been active since July 2022. These attacks are characterized by the use of the malicious "No-Justice" software, which is a data wiper.

The malware can disable the Windows operating system on an infected computer in such a way that it becomes impossible to restart it. According to the Israeli information security company ClearSky, the No-Justice malware (NACL.exe) is an executable file with a size of about 220 KB, which requires administrator rights to erase data on the computer. The program works by removing the boot signature from the computer's master boot record (MBR), which makes it impossible to boot the operating system later.

On December 24, 2023, hackers from Homeland Justice announced the resumption of their activities, declaring the #DestroyDurresMilitaryCamp campaign against a military camp in the Albanian city of Durres, where the opposition Iranian group People's Mujahideen of Iran (MEK) is located.

Among the targets of the attacks were organizations such as ONE Albania, Eagle Mobile Albania, Air Albania and even the Albanian Parliament. The attacks were carried out using an executable wiper and a PowerShell script to spread malware across the networks of target organizations.

Legitimate tools such as PuTTY Link, RevSocks, and even the Windows 2000 Resource Kit were also used in the attacks to conduct reconnaissance, move laterally, and maintain persistent remote access.

Cyber attacks on Albanian organizations are drawing attention in the context of heightened tensions in the Middle East, where Iranian hacking groups such as Cyber Av3ngers, Cyber Toufan, Haghjoyan and YareGomnam Team are increasingly targeting Israel and the United States. According to Check Point, groups such as Cyber Av3ngers and Cyber Toufan work quite closely together.

Kevin Beaumont, a security researcher, notes: "These attacks caused such damage that many organizations, almost a third, were never able to recover. Some of them are still completely disabled, and among the victims are both private companies and government agencies."
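For responders triaging a machine that no longer boots, the MBR damage described above can be confirmed from a dump of sector 0. The following is an added example, not code from the original post or from ClearSky: it checks the two-byte boot signature at offset 510 and reports whether the partition table is still readable. All function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
PT_OFFSET = 446               # four 16-byte partition entries start here
SIG_OFFSET = 510              # boot signature occupies the last two bytes
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY = "<B3xB3xII"           # status, CHS (skipped), type, CHS (skipped), LBA start, sector count


def parse_partitions(sector):
    """Return the non-empty primary partition entries of an MBR sector."""
    parts = []
    for i in range(4):
        entry = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack(ENTRY, entry)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return parts


def triage_mbr(sector):
    """Classify a sector-0 dump as 'ok', 'signature-missing', 'zeroed' or 'short'."""
    if len(sector) < SECTOR_SIZE:
        return {"state": "short", "partitions": []}
    sector = sector[:SECTOR_SIZE]
    if not any(sector):
        return {"state": "zeroed", "partitions": []}
    parts = parse_partitions(sector)
    if sector[SIG_OFFSET:] != BOOT_SIGNATURE:
        # Signature gone, but any surviving entries still describe the disk layout
        return {"state": "signature-missing", "partitions": parts}
    return {"state": "ok", "partitions": parts}


def build_sample_mbr():
    """Constructed sample: one bootable NTFS (type 0x07) partition at LBA 2048."""
    s = bytearray(SECTOR_SIZE)
    s[0:3] = b"\xeb\x63\x90"  # placeholder bytes standing in for boot code
    s[PT_OFFSET:PT_OFFSET + 16] = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800)
    s[SIG_OFFSET:] = BOOT_SIGNATURE
    return bytes(s)


if __name__ == "__main__":
    healthy = build_sample_mbr()
    damaged = healthy[:SIG_OFFSET] + b"\x00\x00"  # constructed: signature bytes cleared
    for name, data in (("healthy", healthy), ("damaged", damaged)):
        print(name, triage_mbr(data))
```

A "signature-missing" result with intact partition entries means the volume layout is still known, which matters when deciding whether to image the disk before attempting any repair.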
 