Iran-based Agrius deploys Fantasy wiper to attack IT firms in Israel

Threat Level
Attack Report

Summary

The Iran-based Agrius group has targeted Israel and the United Arab Emirates since 2020. Initially, the group deployed a wiper called Apostle, disguised as ransomware, which was later modified into full-fledged ransomware. Known for exploiting internet-facing vulnerabilities, Agrius uses web shells to conduct internal reconnaissance before moving laterally and deploying its malicious payloads.