Albanian Post has been hit by a cyberattack affecting its IT infrastructure, according to the National Cyber Security Authority of Albania.
According to the official statement, the attack occurred on Wednesday evening but did not disrupt services, and no data has been deleted.
This marks the second cyberattack in recent days targeting institutions in Albania. On March 10, the Parliament of Albania faced another cyberattack, which resulted in partial data deletion from some administrative user accounts.
Responsibility for both incidents has been claimed by Homeland Justice, a group that first appeared in 2022 during attacks on the government portal e-Albania.
According to an analysis by Microsoft, the group is linked to a structure connected to the Iranian government.
In a message published on Telegram, the group claimed the attack on Albanian Post is related to its “ongoing cooperation with terrorists,” referring to the People’s Mojahedin Organization of Iran, and accused the institution of facilitating the group’s activities.
Who is MEK?
The People’s Mojahedin Organization of Iran presents itself as an exiled opposition movement against the Iranian regime. Founded as a Marxist group opposing the Shah, it supported the Iranian Revolution but later clashed with the Islamic regime, carrying out assassinations and bombings.
It remained on the U.S. list of terrorist organizations for years until being removed in 2013. That same year, with mediation from the United Nations and the United States, its members were relocated from Iraq to Albania, where they established the “Ashraf-3” camp near Durrës.
However, the movement does not enjoy broad support in Iran. Its involvement in violent acts during the 1970s–1980s and its support for Iraq during the Iran–Iraq War have led many Iranians to view it as traitorous.
In Albania, MEK’s presence has often been controversial. On June 20, 2023, state police raided their camp over suspicions of “provoking war” and “cyberattacks,” allegations the organization has denied.
Investigation and Institutional Response
The National Cyber Security Authority announced that a team of experts has begun analyzing the incident, verifying any potential breaches, and isolating systems to prevent further impact.
As a result, some services have been temporarily taken offline by Albanian Post.
Authorities also confirmed that some allegedly stolen data has been published, but it is still being verified for authenticity and origin.
“So far, the amount of potentially exposed data is considered limited,” the statement said.
U.S. Targets Iran-Linked Cyber Infrastructure
On March 20, the United States announced it had conducted an operation against cyber infrastructure linked to Iran, seizing four websites used for attacks and psychological operations.
According to U.S. authorities, two of them—“Justicehomeland.org” and “Karmabelow80.org”—were used to publish documents stolen from Albanian state institutions.
Since 2022, Albania has accused Iran of a series of cyberattacks against state infrastructure, which ultimately led to the severing of diplomatic relations between Tirana and Tehran.
Meanwhile, Homeland Justice has warned that its future actions will be “more severe.”
