Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Iranian cyber attack. Show all posts

Albanian President Holds Meeting with NSC Over Iran Cyber Attacks Led by HomeLand Justice

 

In the wake of the ongoing cyber attacks led by hackers group HomeLand Justice, the Albanian President Bajram Begaj recently held a meeting with the National Security Council (NSC) in the Albanian capital, Tirana on 10th October, Monday. The meeting, attended by senior government officials was conducted in order to discuss the issue of persistent cyberattacks, carried out against state infrastructure by Iran. 

The meeting was attended by Albanian Prime Minister Edi Rama, Prosecutor General Olsjan Çela, Director General of Police Muhamet Rrumbullaku, Chairman of the Security Commission Nasip Naço, and senior intelligence officials. 

The threat actors referred to as HomeLand Justice is a hacker group sponsored by the Iranian government’s advanced persistent threat (ATP) actors. The hackers attempted to paralyse public services, and delete and steal governmental data, disrupting the government’s websites and services, which created a nuisance in the state. 

Earlier this year, in July, HomeLand Justice took to social media, demonstrating the attack pattern of advertising the Albanian Government about the leaks, and posting polls asking the viewers to select the hacked information they want to be published.  

A similar attack was launched in September against the Albanian government, possibly instigated in retaliation for public attribution of the previous attacks, it severed diplomatic ties between the governments of Iran and Albania. 

Over the weekend, threat actors published the hacked data pertaining to employees of the State Police on the Telegram channel operated by Homeland Justice. The leaked data involved names, personal information and photographs, ID numbers, age, name, and photo. 

Although not much information has been provided about the meeting that lasted for two hours, Finance Minister Delina Ibrahimaj briefed about the meeting in an unrelated press conference. 

“In fact, it is the role of the president to call the national security committee on various issues. We discussed the current issues of cyber attacks. Each institution reported on the measures taken, on the level of impact and on the measures that will be taken in the future to cope with the situation”, stated Delina. 

The National Security Council was last addressed on 14th February 2022 by former president Ilir Meta in regard to Russia-Ukraine tensions.

US cyber attacks on Iranian targets not successful: Minister

U.S. cyber attacks against Iranian targets have not been successful, Iran's telecoms minister said on Monday, within days of reports that the Pentagon had launched a long-planned cyber attack to disable his country's rocket launch systems.

Tension runs high between longtime foes Iran and the United States after U.S. President Donald Trump on Friday said he called off a military strike to retaliate for the Middle East nation's downing of an unmanned U.S. drone.

U.S. President Donald Trump said on Saturday he would impose fresh sanctions on Iran but that he wanted to make a deal to bolster its flagging economy, an apparent move to defuse tensions following the shooting down of an unmanned U.S. drone this week.

On Thursday, however, the Pentagon launched a long-planned cyber attack, Yahoo News said, citing former intelligence officials. The cyber strike disabled Iranian rocket launch systems, the Washington Post said on Saturday.

"They try hard, but have not carried out a successful attack," Mohammad Javad Azari Jahromi, Iran's minister for information and communications technology, said on social network Twitter.

"Media asked if the claimed cyber attacks against Iran are true," he said. "Last year we neutralised 33 million attacks with the (national) firewall."

Azari Jahromi called attacks on Iranian computer networks "cyber-terrorism", referring to Stuxnet, the first publicly known example of a virus used to attack industrial machinery, which targeted Iran's nuclear facilities in November 2007.

Stuxnet, widely believed to have been developed by the United States and Israel, was discovered in 2010 after it was used to attack a uranium enrichment facility in the Iranian city of Natanz.

Washington accused Tehran of stepping up cyber attacks.

Officials have detected a rise in "malicious cyber activity" directed at the United States by people tied to the Iranian government, Chris Krebs, director of the Department of Homeland Security's cybersecurity agency, said on Saturday on Twitter.

#BatchWiper, a new data-wiping virus targets Iranian computers


Recently, The Iranian CERT reported that a new piece of malware targets Iranian computers that capable of wiping the files from the infected computers.

SophosLabs have analyzed the new sample and confirmed that the malware attempt to erase the contents of any files on D, E, F, G, H and I drives.

The malware is distributed as a self-extracting WinRAR archive called GrooveMonitor.exe that drops three executable files: juboot.exe, jucheck.exe and SLEEP.EXE.

The 'justboot.exe' is a DOS BAT file that has been converted to PE format that uses 'SLEEP.exe' to wait for few seconds before it adds a registry entry that ensures that 'jucheck.exe' is executed each time the computer restarted.

The primary function of the malware is wiping the files from hard drive, but it does so only within few specific date ranges, each about two days long.

After deleting the data , the malware runs chkdsk in order to trick the victim into believing that the files have been corrupted because of software or hardware failure.