• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Iranian APT Agrius Targets Diamond Industry Worldwide With Fantasy Wiper

You are here: Home / General Cyber Security News / Iranian APT Agrius Targets Diamond Industry Worldwide With Fantasy Wiper
December 8, 2022

An Iran-dependent sophisticated persistent menace (APT) group regarded as Agrius has conducted provide chain-targeted attacks from the diamond industry (and other folks) across three continents.

The statements appear from security scientists at welivesecurity by ESET, who posted an advisory about Agrius on Wednesday.

In the technological produce-up, ESET senior risk intelligence analyst Adam Burgher stated the group analyzed a offer chain attack specific at an Israeli software package developer to deploy Fantasy, Agrius’s new wiper.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“The Fantasy wiper is built on the foundations of the previously claimed Apostle wiper but does not endeavor to masquerade as ransomware, as Apostle initially did,” Burgher described.

“Instead, it goes ideal to function wiping details. Victims had been noticed in South Africa – in which reconnaissance commenced a number of weeks in advance of Fantasy was deployed – Israel and Hong Kong.”

Burgher extra that victims in Israel bundled an IT aid products and services firm, a diamond seller and an HR consulting organization. South African victims, on the other hand, were from a one business in the diamond field, and the Hong Kong target was a jeweler.

In terms of practices, the ESET researchers described Agrius normally exploits identified vulnerabilities in internet-struggling with programs to install web shells. The group then conducts inside reconnaissance just before going laterally and deploying its destructive payloads.

“Since its discovery in 2021, Agrius has been solely centered on destructive functions,” Burgher wrote.

Simply because of this, the security researcher mentioned Agrius operators perhaps executed a provide-chain attack by focusing on the Israeli application company’s software package updating mechanisms to deploy Fantasy to victims in Israel, Hong Kong and South Africa.

“Fantasy is identical in quite a few respects to the previous Agrius wiper, Apostle, that initially masqueraded as ransomware before becoming rewritten to be true ransomware,” Burgher extra.

“[It] helps make no energy to disguise alone as ransomware. Agrius operators utilised a new software, Sandals, to connect remotely to programs and execute Fantasy.”

A listing of indicators of compromise (IoCs) for Agrius is accessible in the ESET advisory. Its publication follows the discovery of other state-backed Iranian menace actors who remained undetected within an Albanian govt network for 14 months just before deploying damaging malware.


Some sections of this posting are sourced from:
www.infosecurity-magazine.com

Previous Post: «researchers uncover darknet service allowing hackers to trojonize legit android Researchers Uncover Darknet Service Allowing Hackers to Trojonize Legit Android Apps
Next Post: US Sues TikTok Over Child Safety and Data Security Claims Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless
  • UK Schools Hit by Mass Leak of Confidential Data
  • Play ransomware gang behind recent cyber attack on Rackspace
  • Personal Storage Table Files Accessed in Rackspace Attack
  • Security Industry Hits Back with MegaCortex Decryptor

Copyright © TheCyberSecurity.News, All Rights Reserved.