Key points:
- A pro-Iranian hacker group known as Homeland Justice has been targeting Albania with the No-Justice wiper malware.
- The malware is designed to crash the operating system so that it cannot be rebooted.
- The group recently resurfaced after a hiatus, launching a campaign against supporters of terrorists.
- The attack targeted organizations such as ONE Albania, Eagle Mobile Albania, Air Albania, and the Albanian parliament.
- The group used a combination of tools including an executable wiper and a PowerShell script to propagate the malware.
- Other pro-Iranian hacker groups have also been targeting Israel and the U.S. with similar attacks.
According to cybersecurity company ClearSky, a pro-Iranian hacker group known as Homeland Justice has been targeting organizations in Albania with wiper malware called No-Justice. The malware is designed to crash the operating system so that it cannot be rebooted, effectively wiping the data on the computer. The group, active since July 2022, recently resurfaced after a hiatus and launched a campaign against supporters of terrorists, particularly targeting the dissident group People’s Mojahedin Organization of Iran (MEK), which is currently based in the Albanian city of Durrës.
The attack targeted several prominent organizations in Albania, including ONE Albania, Eagle Mobile Albania, Air Albania, and the Albanian parliament. The group used a combination of tools to carry out the attack, including an executable wiper (NACL.exe) and a PowerShell script that propagated the malware to other machines in the target network. The wiper malware requires administrator privileges to erase the data on the computer, and it accomplishes this by removing the boot signature from the Master Boot Record (MBR), the first sector of the hard disk that identifies where the operating system is located.
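For responders triaging a machine that no longer boots, the MBR condition described above can be checked on a copy of the disk's first sector. The following is an added example, not code from ClearSky or from the original article: the function names are hypothetical, the sample sectors are constructed, and it assumes a classic 512-byte MBR whose boot signature is the bytes 0x55 0xAA at offset 510.

```python
import struct

SECTOR_SIZE = 512
PT_OFFSET = 446                 # four 16-byte partition entries start here
SIG_OFFSET = 510                # boot signature is the last two bytes
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partitions(sector):
    """Return (slot, type, start_lba, sector_count) for each used table entry."""
    used = []
    for slot in range(4):
        base = PT_OFFSET + slot * 16
        ptype = sector[base + 4]
        start_lba, count = struct.unpack_from("<II", sector, base + 8)
        if ptype or count:
            used.append((slot, ptype, start_lba, count))
    return used


def assess_mbr(sector):
    """Classify a sector-0 dump taken from a disk image during triage."""
    if len(sector) < SECTOR_SIZE:
        return {"status": "truncated", "partitions": []}
    sector = sector[:SECTOR_SIZE]
    parts = parse_partitions(sector)
    if sector[SIG_OFFSET:] == BOOT_SIGNATURE:
        status = "ok"
    elif not any(sector):
        status = "zeroed"            # blank or fully overwritten sector
    else:
        # Boot code or partition entries survive but the signature is gone:
        # the condition the article attributes to the wiper.
        status = "signature-missing"
    return {"status": status, "partitions": parts}


def build_sample_sector(signature=BOOT_SIGNATURE):
    """Constructed sample: stub boot code plus one NTFS-type (0x07) partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x63\x90"    # placeholder jump, not real boot code
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    sector[PT_OFFSET:PT_OFFSET + 16] = entry
    sector[SIG_OFFSET:] = signature
    return bytes(sector)


if __name__ == "__main__":
    for name, sig in (("healthy", BOOT_SIGNATURE), ("tampered", b"\x00\x00")):
        print(name, assess_mbr(build_sample_sector(sig)))
```

A `signature-missing` result that still lists partition entries separates this kind of tampering from a disk that was never initialised, which reports `zeroed`.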
Other pro-Iranian hacker groups have also been targeting Israel and the U.S. with similar attacks. These groups, including Cyber Av3ngers, Cyber Toufan, Haghjoyan, and YareGomnam Team, have been increasingly engaging in cyber attacks as a form of retaliation amid continuing geopolitical tensions in the Middle East. The attacks often involve wiping infected hosts and releasing stolen data on their Telegram channels. Israeli state government entities and private companies have been among the victims of these attacks, and some are still offline over a month later and have been unable to recover.
The Israeli National Cyber Directorate (INCD) has reported tracking approximately 15 hacker groups associated with Iran, Hamas, and Hezbollah that are actively operating in Israeli cyberspace. The techniques and tactics employed by these groups share similarities with those used in the Ukraine-Russia war, with a focus on psychological warfare and the use of wiper malware to destroy sensitive information.
It is crucial for organizations to remain vigilant and take appropriate measures to protect their systems from such attacks. This includes implementing strong security measures, regularly updating and patching software, and educating employees about phishing and other common cyber threats.