Agrius Iranian APT Group Cuts Into Diamond Industry
The supply chain attack is piggybacking off an earlier breach to deploy new wiper malware.
A previous cyberattack on an Israeli software developer is being used by the Agrius advanced persistent threat (APT) group to launch wiper attacks against various organizations in the diamond industry.
Although Agrius and its attack against Israeli IT and HR companies last February were previously known, its use of the "Fantasy" wiper in attacks is new, according to researchers at ESET.
Fantasy is a modified iteration of the Apostle malware, the team said. But while its predecessor Apostle masqueraded as ransomware, Fantasy dispenses with the charade and moves directly to destroying files.
So far, ESET reported, Fantasy victims have been found in Hong Kong, Israel, and South Africa.
"Agrius is a newer Iran-aligned group targeting victims in Israel and the United Arab Emirates since 2020," ESET researchers explained. "Agrius exploits known vulnerabilities in internet-facing applications to install webshells, then conducts internal reconnaissance before moving laterally and then deploying its malicious payloads."