FBI report on cyber attacks from Iran: Here's how long the hackers were in the Albanian government's systems
Written by SOT.COM.AL 22 September 2022
The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) published on Wednesday, September 21, an exhaustive report on Iran's cyber attacks against the Government of Albania.
According to this statement, the attackers had access to the network 14 months before the attack and exploited email content. By June 2022 the hackers had obtained credentials from the networks, and in July 2022 they launched the ransomware used in the attack.
“In July 2022, Iranian state cyber actors – identified as Homeland Justice – launched a devastating cyber attack against the Government of Albania, which rendered websites and services unavailable. An FBI investigation shows that Iranian state cyber actors gained initial access to the network roughly 14 months before launching the devastating cyber attack, which included a ransomware-style file encoder and disk-wiping malware.
“The actors maintained continuous access to the network for approximately one year, periodically accessing and exploiting the content of the email. Between May and June 2022, Iranian state cyber actors conducted lateral movements, network discovery and credentialing of Albanian government networks,” the US FBI report states.
Details from the US Intelligence Agency report on the attack
In July 2022, the actors launched ransomware on the networks, leaving an anti-Mujahideen E-Khalq (MEK) message on desktops. When network defenders identified and began responding to the ransomware activity, the cyber actors deployed a version of the destructive ZeroCleare malware.
In June 2022, HomeLand Justice created a website and multiple social media profiles that posted anti-MEK messages. On July 18, 2022, HomeLand Justice claimed credit for the cyber attack on Albanian government infrastructure. On July 23, 2022, HomeLand Justice posted videos of the cyber attack on its website.
From late July to mid-August 2022, social media accounts associated with HomeLand Justice demonstrated a repeated pattern of advertising Albanian Government information for release, posting a poll asking respondents to choose which government information HomeLand Justice should release, and then releasing that information, either in a .zip file or in a screen-recording video showing the documents.
In September 2022, Iranian cyber actors launched another wave of cyber attacks against the Government of Albania, using TTPs and malware similar to those of the July cyber attacks. These were likely carried out in retaliation for the public attribution of the July cyber attacks and the severance of diplomatic relations between Albania and Iran.