Threat Management, Breach

Feds: Albanian gov’t network compromised over a year before Iranian cyberattack

The FBI and the Cybersecurity and Infrastructure Security Agency report that Iranian state-sponsored threat group HomeLand Justice first infiltrated the Albanian government network nearly 14 months before launching the devastating cyberattack against the country in July, according to BleepingComputer. "The actors maintained continuous network access for approximately a year, periodically accessing and exfiltrating e-mail content," said the FBI and CISA in a joint advisory. After claiming the attack, which involved the delivery of a ransomware-style file encryptor and disk-wiping malware, HomeLand Justice proceeded to leak data stolen from the Albanian government's network. "These were likely done in retaliation for public attribution of the cyberattacks in July and severed diplomatic ties between Albania and Iran," said the agencies. The attack prompted Albania to cut diplomatic ties with Iran, but Iranian state-backed actors have since launched a new wave of attacks leveraging techniques similar to those used in the July intrusion.
