Iranian threat actor targets the Albanian government using ROADSWEEP ransomware

Threat Level

Attack Report

For a detailed advisory, download the pdf file here

Summary

A cyberattack that took place in mid-July momentarily disrupted various Albanian government services and websites and was most likely the work of Iranian hackers. The attack used a new ransomware family called ROADSWEEP, an unknown backdoor CHIMNEYSWEEP and a new variant of the ZEROCLEAR wiper.