Albanian organizations have fallen victim to a recent wave of cyber attacks orchestrated by an Iranian psychological operation group known as Homeland Justice. The attacks involve the use of a malicious wiper named No-Justice, discovered by cybersecurity company ClearSky. This Windows-based malware is particularly insidious as it renders the operating system irreparable, leaving affected systems unable to reboot. Homeland Justice, active since July 2022, resumed its destructive campaigns on December 24, 2023, declaring a new mission to “destroy supporters of terrorists” with the hashtag #DestroyDurresMilitaryCamp. Notable targets include ONE Albania, Eagle Mobile Albania, Air Albania, and the Albanian parliament.
ClearSky’s findings shed light on the sophisticated tools deployed during the cyber onslaught. The primary instruments include the No-Justice wiper (NACL.exe), a 220.34 KB binary requiring administrator privileges to erase data by removing the boot signature from the Master Boot Record (MBR). This strategic attack on the MBR prevents the operating system from loading into a computer’s RAM. Additionally, a PowerShell script is utilized to propagate the wiper to other machines within the target network, taking advantage of Windows Remote Management (WinRM). The attacks extend beyond destructive methods, employing legitimate tools like Plink (PuTTY Link), RevSocks, and the Windows 2000 resource kit to facilitate reconnaissance, lateral movement, and persistent remote access.
The resurgence of Homeland Justice after a brief hiatus signals an ongoing threat to Albanian organizations, with the dissident group People’s Mojahedin Organization of Iran (MEK) in Durrës being a focal point. The cyber attacks underscore the increasing complexity and severity of threats in the digital landscape, requiring heightened cybersecurity measures and international cooperation to address the evolving tactics employed by malicious actors. The combination of destructive wipers and strategic deployment of legitimate tools highlights the need for organizations to bolster their defenses against multifaceted cyber threats that can cripple critical infrastructure and compromise sensitive data.
