ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > HomeLand Justice

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: HomeLand Justice

NamesHomeLand Justice (self given)
CountryIran Iran
MotivationSabotage and destruction
First seen2022
Description(ClearSky) On September 23rd, 2022, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) jointly released an advisory analyzing a wave of cyber-attacks targeting the Government of Albania. The group, identifying as 'HomeLand Justice,' was attributed as an Iranian state threat actor.

Homeland Justice launched its first campaign on July 15th, 2022, targeting Albanian e-government systems right before a planned conference of Iranian opposition group Mojahedin-e Khalq (Persian:مجاهدین ِ خلق), also known as MEK - a well-known Iranian group seeking to replace the current regime in Iran. The conference was cancelled following the attack. In September 2022, the actor launched a second campaign targeting Albanian border crossings. On December 24th, 2023, the actor publicized the current campaign, described in this blog, targeting Albanian infrastructure and government organizations.
ObservedCountries: Albania.
Tools usedNo-Justice Wiper, Plink, RevSocks, W2K Res Kit.

Last change to this card: 17 January 2024

Download this actor card in PDF or JSON format

Previous: Hidden Lynx, Aurora Panda
Next: Honeybee

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]