Iran-based Agrius deploys Fantasy wiper to attack IT firms in Israel
Attack Report
Summary
The Iran-based Agrius group has targeted Israel and the United Arab Emirates since 2020. Initially, the group deployed a wiper called Apostle, disguised as ransomware, which was later modified into full-fledged ransomware. Known for exploiting internet-facing vulnerabilities, Agrius uses web shells to conduct internal reconnaissance before moving laterally and deploying its malicious payloads.