Threat Group Cards: A Threat Actor Encyclopedia

APT group: HomeLand Justice

Names	HomeLand Justice (self given)
Country	Iran
Sponsor	State-sponsored
Motivation	Sabotage and destruction
First seen	2022
Description	(ClearSky) On September 23rd, 2022, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) jointly released an advisory analyzing a wave of cyber-attacks targeting the Government of Albania. The group, identifying as 'HomeLand Justice,' was attributed as an Iranian state threat actor. Homeland Justice launched its first campaign on July 15th, 2022, targeting Albanian e-government systems right before a planned conference of Iranian opposition group Mojahedin-e Khalq (Persian:مجاهدین ِ خلق), also known as MEK - a well-known Iranian group seeking to replace the current regime in Iran. The conference was cancelled following the attack. In September 2022, the actor launched a second campaign targeting Albanian border crossings. On December 24th, 2023, the actor publicized the current campaign, described in this blog, targeting Albanian infrastructure and government organizations.
Observed	Countries: Albania.
Tools used	No-Justice Wiper, Plink, RevSocks, W2K Res Kit.
Operations performed	Jan 2024	Iran-linked hackers claim attack on Albania's Institute of Statistics <https://therecord.media/iran-linked-hackers-claim-attack-on-albania-census-org>
Information	<https://www.clearskysec.com/wp-content/uploads/2024/01/No-Justice-Wiper.pdfhttps://www.clearskysec.com/wp-content/uploads/2024/01/No-Justice-Wiper.pdf> <https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-264a>

Last change to this card: 06 March 2024

Download this actor card in PDF or JSON format

Previous: Hidden Lynx, Aurora Panda
Next: Honeybee