Threat Watch

Iranian Actor Agrius Targets Israel with Wipers

Analysts at SentinelOne have released a report detailing an Iranian threat actor that they’ve named “Agrius,” TheRecord reports. Agrius has been tracked since early 2020, and has recently shifted their focus towards Israel-targeted operations. Agrius makes use of a data-wiping malware family, DEADWOOD, which has been attributed to Iranian threat actors in the past.  Additionally, this actor, possibly in a bid to evade detections, deployed another sample named Apostle that also tried to delete files. SentinelLabs noted that Apostle did not work properly.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

As this actor typically leveraged 1-day vulnerabilities in Internet-connected systems in order to deploy their malware, Binary Defense recommends users ensure that all web-facing products are up to date with the latest security patches. This will ensure that actors who reverse engineer the patch cannot infect critical devices. Additionally, Binary Defense recommends deploying a 24/7 SOC monitoring solution, such as Binary Defense’s own Security Operations Task Force, to respond quickly whenever threat activity is detected.

https://therecord.media/new-iranian-threat-actor-targets-israel-with-wipers-disguised-as-ransomware/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support