Threat Watch

Iranian Actor Agrius Targets Israel with Wipers

Analysts at SentinelOne have released a report detailing an Iranian threat actor that they’ve named “Agrius,” TheRecord reports. Agrius has been tracked since early 2020, and has recently shifted their focus towards Israel-targeted operations. Agrius makes use of a data-wiping malware family, DEADWOOD, which has been attributed to Iranian threat actors in the past.  Additionally, this actor, possibly in a bid to evade detections, deployed another sample named Apostle that also tried to delete files. SentinelLabs noted that Apostle did not work properly.

ANALYST NOTES

As this actor typically leveraged 1-day vulnerabilities in Internet-connected systems in order to deploy their malware, Binary Defense recommends users ensure that all web-facing products are up to date with the latest security patches. This will ensure that actors who reverse engineer the patch cannot infect critical devices. Additionally, Binary Defense recommends deploying a 24/7 SOC monitoring solution, such as Binary Defense’s own Security Operations Task Force, to respond quickly whenever threat activity is detected.

https://therecord.media/new-iranian-threat-actor-targets-israel-with-wipers-disguised-as-ransomware/

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch
Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support