26 May 21, 08:14
Quote:A new attack group called Agrius is launching damaging wiper attacks against Israeli targets, which researchers said are hiding behind ransomware to make their state-sponsored activities appear financially motivated.
Sentinel Labs analysts said they have been tracking Agrius’ operations in Israel since 2020 and have observed the evolution of the group’s malware, Apostle, to include ransomware functionality. Researchers added that the wiper attacks were conducted using a secondary malware called “Deadwood” (a.k.a. “Detbosit”), which Sentinel Labs said has “unconfirmed links to an Iranian threat group.”
Analysts observed Agrius shift its approach from carrying out basic espionage to asking victims for money to retrieve their data — even though the data was destroyed and couldn’t be returned for any amount of money.
“An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets,” Sentinel Labs explained. “The operators behind the attacks intentionally masked their activity as ransomware attacks, an uncommon behavior for financially motivated groups. Considering this and the nature of the known targets, we assess this is a nation-sponsored threat group.”
Read more: 'Agrius' APT Launches Wiper Attacks Against Israelis | Threatpost