Iranian Hackers Targeting Albania with No-Justice Wiper: Beware of Cyberattacks!

Key points:

A pro-Iranian hacker group known as Homeland Justice has been targeting Albania with the No-Justice wiper malware.
The malware is designed to crash the operating system in a way that it cannot be rebooted.
The group recently resurfaced after a hiatus, launching a campaign against supporters of terrorists.
The attack targeted organizations such as ONE Albania, Eagle Mobile Albania, Air Albania, and the Albanian parliament.
The group used a combination of tools including an executable wiper and a PowerShell script to propagate the malware.
Other pro-Iranian hacker groups have also been targeting Israel and the U.S. with similar attacks.

According to cybersecurity company ClearSky, a pro-Iranian hacker group known as Homeland Justice has been targeting organizations in Albania with a wiper malware called No-Justice. The malware is designed to crash the operating system in a way that it cannot be rebooted, effectively wiping the data on the computer. The group, active since July 2022, recently resurfaced after a hiatus and launched a campaign against supporters of terrorists, particularly targeting the dissident group People’s Mojahedin Organization of Iran (MEK) which is currently based in the Albanian city of Durrës.

The attack targeted several prominent organizations in Albania, including ONE Albania, Eagle Mobile Albania, Air Albania, and the Albanian parliament. The group used a combination of tools to carry out the attack, including an executable wiper (NACL.exe) and a PowerShell script that propagated the malware to other machines in the target network. The wiper malware requires administrator privileges to erase the data on the computer, and it accomplishes this by removing the boot signature from the Master Boot Record (MBR), the first sector of the hard disk that identifies where the operating system is located.

Other pro-Iranian hacker groups have also been targeting Israel and the U.S. with similar attacks. These groups, including Cyber Av3ngers, Cyber Toufan, Haghjoyan, and YareGomnam Team, have been increasingly engaging in cyber attacks as a form of retaliation amid continuing geopolitical tensions in the Middle East. The attacks often involve wiping infected hosts and releasing stolen data on their Telegram channels. Israeli state government entities and private companies have been among the victims of these attacks, and some are still offline over a month later and have been unable to recover.

The Israeli National Cyber Directorate (INCD) has reported tracking approximately 15 hacker groups associated with Iran, Hamas, and Hezbollah that are actively operating in Israeli cyberspace. The techniques and tactics employed by these groups share similarities with those used in the Ukraine-Russia war, with a focus on psychological warfare and the use of wiper malware to destroy sensitive information.

It is crucial for organizations to remain vigilant and take appropriate measures to protect their systems from such attacks. This includes implementing strong security measures, regularly updating and patching software, and educating employees about phishing and other common cyber threats.

Post Views: 150

Latest from Blog

Beware: UNC2970 Hackers Weapons in Job Seekers’ PDFs

TLDR: UNC2970 hackers are targeting job seekers with weaponized PDF files. They use sophisticated phishing tactics to deliver malware to victims. In a recent report, cybersecurity analysts at Google Mandiant have identified

Cyber insurance changes shape of security for good and bad

TLDR: Key Points: Cyber-insurance landscape is shifting to encourage greater cyber resiliency Rising costs of cyberattacks are prompting insurers to re-examine underwriting How Cyber-Insurance Shifts Affect the Security Landscape The article discusses