New Threat Research: Analyzing CryptoJS Encrypted Phishing Attempt 

Read Threat Research


Iranian Actor Agrius Targets Israel with Wipers

Analysts at SentinelOne have released a report detailing an Iranian threat actor that they’ve named “Agrius,” TheRecord reports. Agrius has been tracked since early 2020, and has recently shifted their focus towards Israel-targeted operations. Agrius makes use of a data-wiping malware family, DEADWOOD, which has been attributed to Iranian threat actors in the past.  Additionally, this actor, possibly in a bid to evade detections, deployed another sample named Apostle that also tried to delete files. SentinelLabs noted that Apostle did not work properly.

Analyst Notes

As this actor typically leveraged 1-day vulnerabilities in Internet-connected systems in order to deploy their malware, Binary Defense recommends users ensure that all web-facing products are up to date with the latest security patches. This will ensure that actors who reverse engineer the patch cannot infect critical devices. Additionally, Binary Defense recommends deploying a 24/7 SOC monitoring solution, such as Binary Defense’s own Security Operations Task Force, to respond quickly whenever threat activity is detected.