Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware

The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice.

The findings come from cybersecurity company ClearSky, which said the Windows-based malware “crashes the operating system in a way that it cannot be rebooted.”

On December 24, 2023, the adversary resurfaced after a hiatus, stating it’s “back to destroy supporters of terrorists,” describing its latest campaign as #DestroyDurresMilitaryCamp. The Albanian city of Durrës currently hosts the dissident group People’s Mojahedin Organization of Iran (MEK).

Targets of the attack included ONE Albania, Eagle Mobile Albania, Air Albania, and the Albanian parliament.

The No-Justice wiper (NACL.exe) is a 220.34 KB binary that requires administrator privileges to erase the data on the computer.

This is accomplished by removing the boot signature from the Master Boot Record (MBR), the first sector of a hard disk, which identifies where the operating system is located on the disk so that it can be loaded into the computer’s RAM.
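For responders triaging a host that no longer boots, the sketch below checks the first sector of a disk image for the classic MBR boot signature (bytes 0x55 0xAA at offset 510) and reports whether the partition table beside it is still readable. It is an added example, not code from ClearSky or the article; the function names and the sample sectors are constructed for illustration, and it covers only the standard MBR layout, not any other behavior of the wiper.

```python
import struct

SECTOR_SIZE = 512
SIG_OFFSET = 510            # boot signature occupies the last two bytes
PT_OFFSET = 446             # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partitions(sector):
    """Return the non-empty partition entries of a classic MBR sector."""
    entries = []
    for i in range(4):
        raw = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        # status, (CHS start skipped), type, (CHS end skipped), LBA, count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0 and count != 0:
            entries.append({"index": i, "bootable": status == 0x80,
                            "type": ptype, "lba_start": lba_start,
                            "sectors": count})
    return entries


def triage_mbr(sector):
    """Classify the first sector of a disk image for incident triage."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte first sector")
    sector = sector[:SECTOR_SIZE]
    if sector == bytes(SECTOR_SIZE):
        return "sector-zeroed", []
    parts = parse_partitions(sector)
    if sector[SIG_OFFSET:] == BOOT_SIGNATURE:
        return "signature-present", parts
    # Signature gone: legacy BIOS boot will reject this sector, but an
    # intact partition table still records where each volume starts.
    return ("signature-missing-table-intact" if parts
            else "signature-missing-no-table"), parts


def make_sample(with_signature):
    """Constructed sample sector: one bootable NTFS (0x07) partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[PT_OFFSET:PT_OFFSET + 16] = struct.pack(
        "<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    if with_signature:
        sector[SIG_OFFSET:] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, triage_mbr(make_sample(flag)))
```

Run it against the first 512 bytes of a forensic image rather than a live disk, so the evidence is not modified during triage.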

The development comes as pro-Iranian threat actors such as Cyber Av3ngers, Cyber Toufan, Haghjoyan, and YareGomnam Team have increasingly set their sights on Israel and the U.S. amid continuing geopolitical tensions in the Middle East.

Cyber Toufan, in particular, has been linked to a deluge of hack-and-leak operations targeting over 100 organizations, wiping infected hosts and releasing stolen data on their Telegram channel.

“They’ve caused so much damage that many of the orgs – almost a third, in fact, haven’t been able to recover,” security researcher Kevin Beaumont said. “Some of these are still fully offline over a month later, and the wiped victims are a mix of private companies and Israeli state government entities.”

The agency further noted that the techniques and tactics employed share similarities with those used in the Ukraine-Russia war, leveraging psychological warfare and wiper malware to destroy sensitive information.