CyberWire Daily

CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. [CISA Cybersecurity Alerts]

N2K Networks, Inc.

Technology, Daily News, News, Tech News

🗓️ 22 September 2022

⏱️ 3 minutes

Summary

In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. An FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber attack, which included a ransomware-style file encryptor and disk wiping malware.

AA22-264A Alert, Technical Details, and Mitigations
CISA’s free Cyber Hygiene Services (CyHy)
CISA’s zero-trust principles and architecture
Iran Cyber Threat Overview and Advisories

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

Transcript

0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:07.0

This is a CISA Cybersecurity Alert.

0:14.0

ID number Alpha Alpha 22 tack 264 Alpha.

0:20.0

Original release date, September 21st, 2022.

0:24.0

In July 2022,

0:29.0

Iranian state cyber actors,

0:31.0

identifying as Homeland Justice, launched a destructive cyber attack

0:35.1

against the government of Albania which rendered websites and services unavailable.

0:38.8

An FBI

0:42.5

investigation indicates Iranian state cyber actors acquired initial access to the

0:44.1

victim's network approximately 14 months before

0:46.5

launching the destructive cyber attack, which included a ransomware style

0:50.1

file encryptor and disk wiping malware.

0:55.0

The actors maintained continuous network access for approximately a year, periodically accessing and exfiltrating email content.

1:00.0

Between May and June 2022, Iranian state cyber actors conducted lateral movements, network

1:06.5

reconnaissance, and credential harvesting from Albanian government networks.

1:10.4

In July 2022, the actors launched ransomware on the networks.

1:14.4

When network defenders identified and began to respond to the ransomware activity,

1:18.4

the cyber actors deployed a version of ZeroCleare destructive malware.

1:23.0

In June 2022, Homeland Justice created a website and multiple social media profiles

...
