Iran-linked hackers claim attack on Albania's Institute of Statistics

An Iran-linked hacking group with a history of targeting Albanian state agencies and businesses said on Thursday that it was behind an attack on the country’s Institute of Statistics (INSTAT), which is responsible for census information and other official statistics.

Due to the “sophisticated” cyber incident that affected INSTAT’s official website and email service, the agency announced that it would postpone the release of official statistics until further notice.

In a statement on Friday, INSTAT said that recent census data was not accessed by hackers, because it “is stored in other systems dedicated specifically for this purpose.”

The hackers, however, claimed that they had accessed over 100 terabytes of Albania’s geographic information system and population data.

"The data have been copied and removed from the servers," the group, called Homeland Justice, wrote on their Telegram channel along with a video showing allegedly leaked documents. The group has not yet published the data, making it impossible to verify their claims.

After the incident occurred on January 31, INSTAT claimed it immediately disabled its internet connection and notified relevant state agencies.

Read More: US sanctions Iranian military hackers for attacks on water facilities

Albania’s cyber agency (AKCESK) said that it formed a group of experts and collaborated with the state police to help INSTAT recover the affected systems and analyze the tactics and techniques used by the threat actor behind the incident.

According to its statement, the information infrastructure owned by the institute is not categorized as critical and, therefore, does not fall under the control of AKCESK. “This infrastructure is hosted and managed on the premises of this institution,” the agency said.

Neither INSTAT nor Albanian cyber officials mentioned Homeland Justice's involvement in the attack.

Cybersecurity researchers said Iranian hackers have been responsible for recent attacks on the Albanian parliament, two local telecom companies, and Albania’s flagship air carrier. During the analysis of those attacks, researchers discovered a wiper malware named No-Justice, which is linked to Iran, in the victims' systems.

Researchers described Homeland Justice as an “Iranian psychological operation group.” It is likely state-sponsored.

Homeland Justice launched its first campaign against Albania last July, targeting the country’s e-government systems. In September, Albania reported that hackers linked to Iran's government targeted computer systems used by the national police to track individuals entering and leaving the country. The attack prompted authorities to shut down computer control systems at border crossings and airports.

A spokesman for the Iranian Ministry of Foreign Affairs had previously denied that the country has been involved in any attack targeting Albania, calling the accusations “baseless” and “unproven.”