‘Failure in Prevention’: Iran-Linked Hackers, Stolen Albanian Data and an FBI Sting

Revelations from the US about an alleged Iran-linked hacker group’s attempt to sell Albanians’ personal data have raised more questions about cyber defences in the Balkan country after a series of attacks on state systems.

  • Nensi Bogdani
  • April 22, 2026

Information about the attempted crime emerged via a federal lawsuit filed in the US District Court of Maryland in March 2025. According to the lawsuit, the hackers offered to sell the FBI agent a database containing national ID numbers, names, birth dates, addresses and other personal details of Albanian citizens.

“This information exposed sensitive personally identifiable information of Albanian citizens, which could be used for identity theft,” the court filing states.

BIRN contacted Albania’s National Cyber Security Authority for comment about the claims made in the Maryland court filing, but it did not respond by the time of publication.

The incident has again raised issues of cybersecurity in Albania, which were exacerbated in March this year by revelations about cyberattacks on parliament and Albanian Post. Both attacks were claimed by the allegedly Iran-linked Homeland Justice group, which has targeted Albania several times over the past few years.

The Homeland Justice group has been linked by US authorities and Microsoft to hackers believed to be based in Iran, and it became widely known for a series of cyberattacks against Albania’s digital infrastructure in 2022. These attacks resulted in the publication of databases containing information from state institutions, public officials and ordinary citizens.

Cybersecurity experts warn that the exposure of this data poses long-term risks for the public.

“Let’s call it what it is – there was a failure in prevention. Cyberattacks do not come out of nowhere; they target systems where vulnerabilities have existed for a long time,” Besmir Semanaj, a cybersecurity expert, told BIRN.

He explained that data circulating on illegal markets can be exploited for identity theft, financial scams, the creation of fake accounts, or even blackmail against individuals.

“Once data is leaked and enters the market, it never truly disappears – it keeps being reused,” he said.

The public filing in the Maryland court further suggested that, according to certain cybersecurity sources, the Homeland Justice hacker group is part of the same network as Handala Hack, an allegedly Iranian-linked hacker group that has targeted the US and Israel, and another hacker group called Karma Below.

According to the lawsuit, these groups are allegedly controlled by the same individuals connected to Iran’s Ministry of Intelligence and Security, MOIS.

Last month, the US Justice Department also announced the seizure of four domains that it said were linked to MOIS-backed groups: Handala-Hack.to, Karmabelow80.org, Justicehomeland.org and Handala-Redwanted.to.

The US Justice Department said “MOIS actors” used the Justicehomeland.org domain to claim responsibility for stealing sensitive documents from Albanian government organisations in 2022. “The motivation for leaking this information appears to be the Albanian government’s decision to support an Iranian dissident group called Mujahedeen e-Khalq or ‘MEK’. MEK has, in the past, openly advocated for the overthrow of the Iranian government,” it said.

Over 2,000 members of Mujahedin-e-Khalq [People’s Mujahedin of Iran], an exiled Iranian dissident group, live at a compound in Manaz in Albania. As a consequence, Albania’s authorities have a troubled relationship with Iran. In September 2022, Iranian embassy staff in Tirana were expelled over the Homeland Justice cyberattacks.

Are the ‘Iranian hackers’ really Iranian?
