The Iranian hacker group targeting Albanian organizations with the use of a wiper named No-justice. It was the windows based malware that crashes the operating system in a way that it cannot be rebooted. The hacker group named Homeland justice specifically developing destructive attacks against Albania. On January 06, 2024 two primary tools were deployed during the attack including an executable wiper and a Power shell script which was designed to spread the former to other machines in the target network which was executed after enabling Windows Remote Management (WinRM).

What were the vulnerability and how it impacted the target?

The No justice wiper NACL.exe is a 220.34KB binary that requires administration privileges to erase the data on the computer. It was done by removing the boot signature from the Master Boot Record (MBR) which refers to first segment of any hard disk that has information about where the operating system (OS) is located in the disk so that they gain the administrative access.

They have caused so much damage that many of organizations almost a third in fact , have not been able to recover, some of these are still fully offline over a month later , these target victims are a mix of private companies and Israeli state government entities.

They also delivered some legitimate tools like putty link, RevSocks, and windows 2000 resource kit which further helped attackers in reconnaissance and consistent remote access.

 

How avoid these attacks and leak of data ?

The attack not only caused the organization reputation to suffer but also caused geopolitical instability and tension as a cyber security enthusiast these could be the most significant steps in avoiding such attacks and consequences mitigating the risks associated.

1. Least privileged policies must be implemented

Strict access control to limit the impact of the potential breaches. Users and processes should only have access to resources which are relevant and required for their roles and responsibilities.

2. Breaking Into Parts

Creating various sub networks and segments which will result in less spread of malicious content. Use of firewalls intrusion detection / prevention system along with strong authentication systems.

3. Spreading awareness to the employees

Organizing various cybersecurity training and awareness programs can empower employees to recognize and respond to potential threats proactively. Educating staff on identifying phishing emails and practicing good password hygiene is crucial. Risks of social engineering. How to verify the legitimacy of emails, attachments and links

4. Having a good incident response plan

Develop and implement a comprehensive incident response plan. This can include the procedures, eradication and steps to be taken whenever the incident occurs or likely to occur. Although there can be many other factors involved in preventing such incidents but about are basic safety measures and procedures one should consider when dealing cyber criminals