Iranian Hacker Used No-Justice Wiper Malware to attack Albania! A wiper known as No-Justice was used in the most recent wave of cyberattacks directed on Albanian NGOs. Based on research conducted by cybersecurity firm ClearSky, the malware for Windows “crashes the operating system in a way that it cannot be rebooted.” An Iranian “psychological operation group” called Homeland Justice, which has been operating since July 2022 and has expressly been planning devastating assaults against Albania, has been blamed for the incursions.

The enemy reappeared on December 24, 2023, following a period of inactivity, declaring that it was “back to destroy supporters of terrorists” and referring to its most recent initiative as #DestroyDurresMilitaryCamp. Currently, the People’s Mojahedin Organization of Iran (MEK) is a dissident group based in the Albanian city of Durrës. The Albanian parliament, Eagle Mobile Albania, Air Albania, and ONE Albania were among the targets of the attack.

Defined No-Justice Malware:

Administrator rights are needed to delete data from the machine using the 220.34 KB binary No-Justice wiper (NACL.exe).The process entails eliminating the boot signature from the Master Boot Record (MBR), which denotes the initial sector of a hard drive that pinpoints the location of the operating system to enable its loading into a computer’s RAM. With order to aid with reconnaissance, lateral movement, and persistent remote access, authentic tools like RevSocks, Plink (also known as PuTTY Link), and the Windows 2000 resource kit are also supplied during the attack.

Cyber Groups Interest:

As a result of ongoing geopolitical tensions in the Middle East, Iranian threat actors like YareGomnam Team, Haghjoyan, Cyber Av3ngers, and Cyber Toufan have been focusing more and more on Israel and the United States. “In their cyberattacks, groups like Cyber Av3ngers and Cyber Toufan seem to be taking a revenge narrative,” Check Point said last month. Specifically, Cyber Toufan has been connected to a plethora of hack-and-leak activities that have affected more than 100 firms, Erasing compromised hosts and posting stolen information on their Telegram channel.

Government Actions:

According to security expert Kevin Beaumont, “they’ve caused so much damage that many of the orgs – almost a third, in fact, haven’t been able to recover.” A combination of Israeli state government organizations and private businesses were among the erased victims; some of these are still completely offline more than a month later.

The Israel National Cyber Directorate (INCD) announced last month that since the start of the Israel-Hamas conflict in October 2023, it has been watching some 15 hacking groups linked to Iran, Hamas, and Hezbollah that are actively operating in Israeli cyberspace with harmful intent. The agency added that by using psychological warfare and wiper malware to delete critical data, the strategies and tactics utilized are comparable to those used in the conflict between Russia and Ukraine.