Names | HomeLand Justice (self given) | |
Country | Iran | |
Sponsor | State-sponsored | |
Motivation | Sabotage and destruction | |
First seen | 2022 | |
Description | (ClearSky) On September 23rd, 2022, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) jointly released an advisory analyzing a wave of cyber-attacks targeting the Government of Albania. The group, identifying as 'HomeLand Justice,' was attributed as an Iranian state threat actor. Homeland Justice launched its first campaign on July 15th, 2022, targeting Albanian e-government systems right before a planned conference of Iranian opposition group Mojahedin-e Khalq (Persian:مجاهدین ِ خلق), also known as MEK - a well-known Iranian group seeking to replace the current regime in Iran. The conference was cancelled following the attack. In September 2022, the actor launched a second campaign targeting Albanian border crossings. On December 24th, 2023, the actor publicized the current campaign, described in this blog, targeting Albanian infrastructure and government organizations. | |
Observed | Countries: Albania. | |
Tools used | No-Justice Wiper, Plink, RevSocks, W2K Res Kit. | |
Operations performed | Jan 2024 | Iran-linked hackers claim attack on Albania's Institute of Statistics <https://therecord.media/iran-linked-hackers-claim-attack-on-albania-census-org> |
Information | <https://www.clearskysec.com/wp-content/uploads/2024/01/No-Justice-Wiper.pdfhttps://www.clearskysec.com/wp-content/uploads/2024/01/No-Justice-Wiper.pdf> <https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-264a> |
Last change to this card: 06 March 2024
Download this actor card in PDF or JSON format
Previous: Hidden Lynx, Aurora Panda
Next: Honeybee
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |