Pro-Iranian hacker group targets Albania with No-Justice Wiper malware

No-Justice Wiper Malware

The recent wave of cyber attacks targeting Albanian organizations used a so-called windshield wiper No justice.

The findings come from cybersecurity firm ClearSky, which said the Windows-based malware “crashes the operating system to the point where it cannot be restarted.”

The burglaries are attributed to an Iranian “psychological operations group” called Homeland Justice, which has been active since July 2022, specifically orchestrating destructive attacks on Albania.

On December 24, 2023, the opponent resurfaced after a hiatus and declared that he is “back to destroy supporters of terrorists”, describing his latest campaign as #DestroyDurresMilitaryCamp. The Albanian city of Durrës currently hosting the dissident group People’s Mojahedin Organization of Iran (MEK).

Targets of the attack included ONE Albania, Eagle Mobile Albania, Air Albania and the Albanian Parliament.

Two of the key tools deployed during the campaign include an executable wiper and a PowerShell script designed to pass the former to other machines on the target network after Windows Remote Management is enabled (WinRM).

The No justice eraser (NACL.exe) is a 220.34 KB binary file that requires administrator rights to erase the data on the computer.

This is achieved by extracting the boot signature from the Master Boot Record (MBR), which refers to the first sector of any hard drive that identifies where the operating system is located on the drive so that it can be loaded into a computer’s RAM.

During the course of the attack, legitimate tools such as Plink (aka PuTTY Link), RevSocks, and the Windows 2000 resource kit are also provided to enable reconnaissance, lateral movement, and persistent remote access.

No-Justice Wiper malware

The development comes as pro-Iranian threat actors such as Cyber ​​av3ngers, Cyber ​​Toufan, Guidedand the YareGomnam team have increasingly turned their sights to Israel and the US amid ongoing geopolitical tensions in the Middle East.

“Groups like Cyber ​​​​Av3ngers and Cyber ​​​​Toufan appear to be using a narrative of retaliation in their cyber attacks,” says Check Point revealed last month.

“By opportunistically targeting U.S. entities using Israeli technology, these hacktivist proxies seek to achieve a dual retaliation strategy – claiming to attack both Israel and the U.S. in a single, orchestrated cyberattack.”

Cyber ​​Toufan in particular has been linked to a flurry of hack-and-leak operations targeting more than 100 organizations, wiping infected hosts and storing stolen data on their Telegram channel.

“They’ve caused so much damage that many of the organizations – almost a third – haven’t even been able to recover,” said security researcher Kevin Beaumont. said. “Some of these are still completely offline over a month later, and the victims wiped out are a mix of private companies and Israeli state government agencies.”

Last month, the Israel National Cyber ​​Directorate (INCD) said It is currently tracking approximately 15 hacker groups linked to Iran, Hamas and Hezbollah that have been operating maliciously in Israeli cyberspace since the start of the war between Israel and Hamas in October 2023.

The agency further noted that the techniques and tactics used are similar to those used in the war between Ukraine and Russia, using psychological warfare and wiper malware to destroy information.


#ProIranian #hacker #group #targets #Albania #NoJustice #Wiper #malware

Notify of
Inline Feedbacks
View all comments
Previous Post
North Korea's Cyber Heist

DPRK hackers stole $600 million worth of cryptocurrency in 2023

Next Post
SpectralBlur macOS Backdoor

New macOS Backdoor Threat from North Korean Hackers

Related Posts