The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory on Sept. 21 that revealed Iranian hackers had access to the Albanian government’s network about 14 months before launching the destructive July cyberattack.
The cyberattack occurred on July 15, destroying Albanian government data and disrupting government services. As a result, Albania cut off diplomatic relations with Iran – making it the first known nation to do so over a cyberattack.
According to the joint advisory, the Iranian state cyber actors acquired initial access to the victim’s network 14 months before the July cyberattack, “which included a ransomware-style file encryptor and disk wiping malware.”
“In September 2022, Iranian cyber actors launched another wave of cyberattacks against the Government of Albania, using similar TTPs and malware as the cyberattacks in July,” the agencies said in their report. “These were likely done in retaliation for public attribution of the cyberattacks in July and severed diplomatic ties between Albania and Iran.”
The hackers, who call themselves “HomeLand Justice,” claimed credit for the initial cyberattack and published videos of the attack on their website. From late July to mid-August 2022, social media accounts associated with HomeLand Justice advertised Albanian Government information for release.
The FBI and CISA advised organizations to follow cybersecurity best practices and apply a variety of mitigations, such as ensuring that anti-virus and anti-malware software is enabled.