FBI-CISA report on cyber attacks: Hackers had network access 14 months before the attack
The FBI and the Cyber Security Agency (CISA) have laid out how the cyber attacks in Albania unfolded.
Their statement emphasizes that the attackers had access to the network 14 months before the attack and used e-mail.
By June 2022, the hackers had secured credentials from the networks, and in July 2022 they launched ransomware (viruses) on the networks. When network defenders identified the ransomware activity and began responding to it, the cyber actors deployed a version of the destructive ZeroCleare malware. The September attack was revenge for the breakdown of relations between Albania and Iran.
In June 2022, HomeLand Justice created a website and multiple social media profiles that posted anti-MEK messages. On July 18, 2022, HomeLand Justice took credit for the cyberattack on the Albanian government's infrastructure. From late July to mid-August 2022, social media accounts associated with HomeLand Justice advertised the Government's information, posted a survey asking respondents to select information to be released by HomeLand Justice, and then published that information.
In September 2022, Iranian cyber actors launched another wave of cyber attacks against the Government of Albania, using TTPs and malware similar to those used in the July cyber attacks. These were likely done as revenge for the severance of diplomatic relations between Albania and Iran.