At least 40 computers at the Institute of Statistics (INSTAT) have been infected with a virus designed to delete data, and it achieved that goal on at least six of them.
The National Authority for Electronic Certification and Cybersecurity (ACESK) provided an update on the toll of the nearly two-week attack, detailing the consequences and the measures taken.
“From the analysis conducted so far, it has been confirmed that the attackers used the file MEK-DDMC.exe to execute a malicious content virus. This attack, known as Wiper, aimed to delete the data of the Boot sector and compromise devices within Active Directory.
The entry into the system is believed to have been exploited through the Exchange server due to an outdated version. Malicious actors managed to escalate privileges and take control of the Active Directory system and the Data Protection Manager, distributing the virus to devices and servers on the network.
The distributed virus has infected 40 computers, from which it has deleted six. Subsequently, the virus wiped the server where command executions were performed. After this, the actors lost communication with the infrastructure,” according to the ACESK update.
The authority assesses, based on the available information, that the actors behind this cyberattack have been identified as Homeland Justice, a state-sponsored Iranian attack group that has carried out other attacks in the past.
On February 1, 2024, the Institute of Statistics faced a cyberattack targeting its technological infrastructure. After the responsible institutions discovered it, the investigation and neutralization of the attacks continued for several days. In a statement to the media, INSTAT emphasized that Census data was not affected by this attack.
This is not the first time Albanian institutions have been subjected to cyberattacks. In the summer of 2022, the same group targeted the centralized platform for providing electronic services to citizens, businesses, and public administration, disrupting operations for several consecutive days.
At that time, foreign assistance was sought to identify and minimize the effects as attacks on various public institutions became commonplace.


