Former US Secretary of State Mike Pompeo visiting the MEK leader Maryam Rajavi in Albania in May 2022

Iran-Backed Hackers Behind Cyberattack On Albanian Government Sites

Friday, 08/05/2022

A leading US cybersecurity firm said Thursday that a cyberattack that temporarily shut down numerous Albanian government digital services and websites in mid-July was carried out by Iran-backed hackers.

Cybersecurity firm Mandiant expressed “moderate confidence” the attackers were acting in support of Tehran’s efforts to disrupt a conference of the exiled Albania-based opposition group Mujahideen-e Khalq (MEK).

In its report, the company said that several factors reveal that the attack was carried out by pro-Iran hackers, including the timing, the content of a social media channel used to claim responsibility, and similarities in software code used with malware long used to target Farsi and Arabic speakers.

On July 18, Mandiant identified a new ransomware family dubbed ROADSWEEP, which drops a politically themed ransom note suggesting it targeted the Albanian government, and a group named “HomeLand Justice” claimed credit for the disruptive activity.

“HomeLand Justice” posted a video of the ransomware being executed on its website and Telegram channel alongside documents purported to be Albanian residence permits of MEK members.

The July 23-24 conference by the dissident group, titled The Free Iran World Summit, was canceled following warnings from local authorities of a possible terrorist threat. The conference was scheduled to be held at Ashraf 3 camp in Manez, 30 kilometers (19 miles) west of Albania’s capital, Tirana, where 3,000 MEK members live. Several US lawmakers were also among the invitees.

In July, Iran's Foreign Ministry sanctioned a group of US officials and lawmakers over their alleged support for the MEK group, which Tehran considers a terrorist organization.
