Ransomware Used Against Albania Linked To Iran

The recent cyber attacks that disrupted government systems in NATO member Albania have been linked to Iran. The hackers who carried out cyber attacks on Albanian government websites were acting in response to the Iranian opposition group Mojahedin-e Khalq's appearance at a conference of Iranian dissidents in the Albanian city of Durres. Forensic analysis of these attacks by researchers at Mandiant has revealed a new type of ransomware being used.

Mandiant found the ransomware after it had been uploaded from Albania to a public malware repository a few days after the cyber attack was launched, and has named it 'Roadsweep'.

While the researchers could not confirm that the ransomware was indeed used in the attack, the malware encrypts files on compromised systems and then drops a ransom note. Mandiant researchers consider that other NATO members could be targeted in similar operations.

They also detected a website and Telegram channel named ‘HomeLand Justice’, which took credit for a ransomware operation aimed at the Albanian government. The site implied that a group of Albanian citizens unhappy with their government were responsible. 

However, on closer examination, this group appears to be an Iranian organisation designated as a terrorist group by the US State Department.

Following a thorough investigation, the researchers were able to determine that the Roadsweep ransomware shares code with a backdoor named Chimneysweep that allows its operators to take screenshots, log keystrokes and steal files. It was uploaded to a public malware repository along with a sample of a wiper malware that Mandiant has named 'Zeroclear'.

While Mandiant was unable to confirm that this malware was used in this operation, Zeroclear was previously used by Iran-linked threat actors for disruptive activities in the Middle East.

Albania's experience highlights the vulnerability of national IT infrastructure without adequate resilience. "The use of ransomware to conduct a politically motivated disruptive operation against the government websites and citizen services of a NATO member state in the same week an Iranian opposition groups' conference was set to take place would be a notably brazen operation by Iran-nexus threat actors," the researchers said.

Sources: Mandiant, I-HLS, Cyberscoop, The Register, Hacker News, Security Week, Industrial Cyber

