

ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius's new wiper, with victims including the diamond industry

ESET researchers discovered a new wiper and its execution tool, both attributed to the Agrius APT group, while analyzing a supply-chain attack abusing an Israeli software developer. The group is known for its destructive operations.

In February 2022, Agrius began targeting Israeli HR and IT consulting firms, and users of an Israeli software suite used in the diamond industry. We believe that Agrius operators conducted a supply-chain attack abusing the Israeli software developer to deploy their new wiper, Fantasy, and a new lateral movement and Fantasy execution tool, Sandals.

The Fantasy wiper is built on the foundations of the previously reported Apostle wiper but does not attempt to masquerade as ransomware, as Apostle originally did. Instead, it goes right to work wiping data. Victims were observed in South Africa (where reconnaissance began several weeks before Fantasy was deployed), Israel, and Hong Kong.

Key points of the report:

- Agrius conducted a supply-chain attack abusing an Israeli software suite used in the diamond industry.
- The group then deployed a new wiper we named Fantasy. Most of its code base comes from Apostle, Agrius's previous wiper.
- Along with Fantasy, Agrius also deployed a new lateral movement and Fantasy execution tool that we have named Sandals.
- Victims include Israeli HR firms, IT consulting companies, and a diamond wholesaler; a South African organization working in the diamond industry; and a jeweler in Hong Kong.

Agrius is a newer Iran-aligned group targeting victims in Israel and the United Arab Emirates since 2020.
