Albanian government cyberattacked by Iranian threat actors!
The Albanian government has revealed that it was forced to shut down some of its web-based services because of a cyberattack. The incident was investigated by Mandiant, a cyber threat intelligence and incident response firm, which identified a previously unseen ransomware family during the investigation and named it Roadsweep.
However, Mandiant has not confirmed whether the ransomware was actually deployed in the attack. Roadsweep encrypts files on a compromised system and drops a ransom note carrying a political message aimed at the Albanian government.
The investigators also found a website and a Telegram channel named ‘HomeLand Justice’ that claim responsibility for the ransomware operation against the Albanian government. The site presents itself as being run by Albanian citizens who are unhappy with their government. However, the investigators doubt that the Mujahedeen-e-Khalq (MEK), an Iranian opposition organization that has been designated a terrorist group, was behind the attack; the ransom note and the HomeLand Justice material refer to MEK as the target of the operation rather than as its author.
In addition, Roadsweep shares code with the Chimneysweep backdoor, which allows its operators to take screenshots, collect documents and steal sensitive information from the target. Shortly after the Albanian government announced the shutdown, an unknown party uploaded a sample of the Zeroclear wiper to a public malware repository. Zeroclear had previously been used by Iran-linked threat actors, and on the basis of this and the ransomware's political targeting, Mandiant assesses with moderate confidence that Iranian threat actors were involved in the attacks on the Albanian government.