Iran-Friendly Hackers Carried Out Disruptive Attacks on Albanian Government Websites

Nomad says attackers who return 90% of stolen funds will be considered 'white hat,' Russian national who profited from cybercrime extradited to U.S., Bitter APT has spied on thousands, much more

Photo by Ergys Temali on Unsplash

Mandiant researchers say that hackers working to further the Iranian government’s goals who are angry over the Iranian opposition group Mojahedin-e Khalq’s (MEK) upcoming conference in Albania carried out disruptive cyberattacks on Albanian government sites last month.

The attacks, which forced the government of Albania to shut down online access to multiple government services, may have included a previously unknown backdoor called ChimneySweep and a newly discovered ransomware tool known as RoadSweep to attack the government systems.

In addition, the day after the initial attacks, malware known as ZeroClear, previously linked to Iranian hackers, was uploaded to a public malware registry. It’s unclear whether that sample was used as part of the July 17 attack, but a video uploaded to a website claiming responsibility for th…