Mandiant, a leading U.S. cybersecurity firm, expressed “moderate confidence” last month that the attackers were acting in support of anti-dissident efforts. A group calling itself “HomeLand Justice” claimed credit for the cyberattack that used ransomware to scramble data. Ransomware is best known for its use in for-profit extortion, but is being increasingly wielded for political ends, particularly. The claim by “HomeLand Justice” came on a Telegram channel in which documents purported to be Albanian residence permits of members of the opposition group Mujahedeen-e-Khalq group — best known as MEK — were posted, along with video of the ransomware being activated.