CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania.

In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. An FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber attack, which included a ransomware-style file encryptor and disk wiping malware.

AA22-264A Alert, Technical Details, and Mitigations

CISA’s free Cyber Hygiene Services (CyHy)

CISA’s zero–trust principles and architecture.

Iran Cyber Threat Overview and Advisories.

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.