Ransomware Used Against Albania Linked To Iran

Uploaded on 2022-08-23 in INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW, TECHNOLOGY--Hackers

The recent cyber attacks that disrupted government systems in NATO member Albania have been linked to Iran. The hackers who carried out  cyber attacks on Albanian government websites were acting in response to the Iranian opposition group Mojahedin-e Khalq’s appearance at a conference in of Iranian dissidents in the Albanian city of Durres.  Forensic analysis of these attacks by researchers at Mandiant has revealed a new types of ransomware being used. 

Mandiant found the ransomware after it had been uploaded from Albania to a public malware repository a few days after the cyber attack was launched and have named it 'Roadsweep'. 

While the researchers could not confirm that the ransomware was indeed used in the attack, the malware encrypts files on compromised systems and then drops a ransom note. Mandiant researchers consider that other NATO members could be targeted in similar operations.

They also detected a website and Telegram channel named ‘HomeLand Justice’, which took credit for a ransomware operation aimed at the Albanian government. The site implied that a group of Albanian citizens unhappy with their government were responsible. 

However, on closer examination, this group appears to be an Iranian organisation designated as a terrorist group by the US State Department.

Following a thorough investigation, the researchers were able to determine that the Roadsweep ransomware shared code with a back door named Chimneysweep that allows its operators to take screenshots, log keystrokes and steal files. It was uploaded to a public malware repository along with a sample of a wiper malware that Mandiant has named 'Zeroclear'. 

While Mandiant was unable to confirm that this malware was used in this operation, Zeroclear was previously used by Iran-linked threat actors for disruptive activities in the Middle East

Albania's experience highlights the vulnerability of national IT infrastructure without adequate resilience. "The use of ransomware to conduct a politically motivated disruptive operation against the government websites and citizen services of a NATO member state in the same week an Iranian opposition groups' conference was set to take place would be a notably brazen operation by Iran-nexus threat actors," the researchers said.

Mandiant:    I-HLS:     Cyberscoop:   The Register:   Hacker News:     Security Week:      Industrial Cyber

You Might Also Read:

Israeli Government Websites Knocked Offline:

 

« Lazarus Targets FinTech Engineers With MacOS Malware
Technology To Combat Human Trafficking »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Axiomatics

Axiomatics

Axiomatics provides dynamic authorization and access control solutions to protect critical data assets.

Prewen

Prewen

Prewen provide solutions to protect sensitive data across the organisation.

Egerie

Egerie

EGERIE's RiskManager solution provides a Global, Centralized, and Updated view of risk maps and security measures for your company.

Zeneth Technology Partners

Zeneth Technology Partners

Zeneth is a consulting firm providing information technology and cybersecurity services to federal and commercial clients.

Romanian Association for Electronic Industry & Software (ARIES)

Romanian Association for Electronic Industry & Software (ARIES)

ARIES is the Romanian Association for Electronic Industry and Software, the biggest and most influental organization created for the IT&C industry in Romania.

Lightship Security

Lightship Security

Lightship Security is an accredited Common Criteria and FIPS 140-2 IT security testing laboratory that specializes in test conformance automation solutions and IT product security certifications.

Andreessen Horowitz (a16z)

Andreessen Horowitz (a16z)

Andreessen Horowitz (known as "a16z") is a venture capital firm in Silicon Valley, California that backs bold entrepreneurs building the future through technology.

Infosequre

Infosequre

Infosequre builds up your security awareness culture and turns your employees into the first line of defense against cyber risks.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

Upfront Security

Upfront Security

Upfront Security helps companies with innovative products & services to prevent, recognise and recover from (identity) fraud.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

Identity Digital

Identity Digital

Identity Digital simplifies and connects a fragmented online world with domain names and related technologies that allow people and businesses to build, market and own their digital identities.

CyberHub

CyberHub

CyberHub is an educational platform that offers professional courses and knowledge sharing through articles and videos to help students discover their potential in cybersecurity.

Triangle

Triangle

Triangle enable innovative business transformation by ensuring critical hybrid infrastructures are optimised, interoperable and secure.

SecureFlag

SecureFlag

SecureFlag is dedicated to enhancing secure coding across all technical profiles within the Software Development Lifecycle.

CyRiSo

CyRiSo

CyRiSo is a cyber security consulting company with a focus on 'as-a-service' services for the most pressing challenges of cyber security.