
Iranian Agrius Hackers Concentrating on Israeli Organizations with Moneybird Ransomware

by crpt os


May 25, 2023 | Ravie Lakshmanan | Ransomware / Endpoint Security

The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations.

Agrius, also known as Pink Sandstorm (formerly Americium), has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of ransomware infections.

Microsoft has attributed the threat actor to Iran’s Ministry of Intelligence and Security (MOIS), which also operates MuddyWater. The group has been active since at least December 2020.

In December 2022, the hacking crew was linked to a set of attempted disruptive intrusions directed against diamond industries in South Africa, Israel, and Hong Kong.

These attacks involved the use of a .NET-based wiper-turned-ransomware called Apostle and its successor known as Fantasy. Unlike Apostle, Moneybird is programmed in C++.

“The use of a new ransomware, written in C++, is noteworthy, as it demonstrates the group’s expanding capabilities and ongoing effort in developing new tools,” Check Point researchers Marc Salinas Fernandez and Jiri Vinopal said.

The infection sequence begins with the exploitation of vulnerabilities within internet-exposed web servers, leading to the deployment of a web shell referred to as ASPXSpy.

Moneybird Ransomware

In the subsequent steps, the web shell is used as a conduit to deliver publicly-known tools in order to perform reconnaissance of the victim environment, move laterally, harvest credentials, and exfiltrate data.

Also executed on the compromised host is the Moneybird ransomware, which is engineered to encrypt sensitive files in the “F:\User Shares” folder and drop a ransom note urging the company to contact the attackers within 24 hours or risk having its stolen information leaked.
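The intrusion chain described above starts on an internet-exposed web server: a web shell (ASPXSpy) is dropped and then reused as a conduit for tooling. From the server's own access logs, that stage tends to look like repeated POST requests to an .aspx resource that was never part of the deployed application. The following script is an added illustration of that detection idea, not code from the Check Point report or from the Agrius toolset; the IIS W3C log lines, the allowlist of known application pages and the threshold are all constructed for the example.

```python
"""Flag web-shell-like activity in IIS W3C extended logs (added example).

Idea: an .aspx URI that is not part of the known application and receives
repeated POST requests is worth a look, because a web shell is driven by
POSTs to a file the attacker created. All sample data here is constructed.
"""
from collections import defaultdict

# Constructed allowlist: pages the deployed application actually serves.
KNOWN_PAGES = {"/default.aspx", "/login.aspx", "/api/orders.aspx"}

# Constructed IIS W3C log. The #Fields directive drives the parser, so a log
# with a different column order works as long as the same field names appear.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2023-05-20 08:01:12 10.0.0.5 GET /default.aspx - 443 - 198.51.100.7 Mozilla/5.0 200
2023-05-20 08:01:15 10.0.0.5 POST /login.aspx - 443 - 198.51.100.7 Mozilla/5.0 302
2023-05-20 08:02:40 10.0.0.5 GET /api/orders.aspx id=17 443 jdoe 198.51.100.9 Mozilla/5.0 200
2023-05-20 09:14:03 10.0.0.5 POST /uploads/img/thumb.aspx - 443 - 203.0.113.44 python-requests/2.31 200
2023-05-20 09:14:09 10.0.0.5 POST /uploads/img/thumb.aspx - 443 - 203.0.113.44 python-requests/2.31 200
2023-05-20 09:14:31 10.0.0.5 POST /uploads/img/thumb.aspx - 443 - 203.0.113.44 python-requests/2.31 200
2023-05-20 09:15:02 10.0.0.5 POST /uploads/img/thumb.aspx - 443 - 203.0.113.44 python-requests/2.31 200
2023-05-20 09:20:55 10.0.0.5 GET /default.aspx - 443 - 198.51.100.12 Mozilla/5.0 200
"""


def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the #Fields line."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):  # other directives (#Software, #Date, ...)
            continue
        if fields is None:
            raise ValueError("data line appeared before a #Fields directive")
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # malformed line: skip it rather than abort the scan
        yield dict(zip(fields, parts))


def find_suspect_aspx(text, known_pages=KNOWN_PAGES, min_posts=3):
    """Return .aspx URIs outside the allowlist that received >= min_posts POSTs.

    Each finding carries the POST count, the distinct client IPs and the
    distinct User-Agent strings, which is what an analyst needs next.
    """
    stats = defaultdict(lambda: {"posts": 0, "clients": set(), "agents": set()})
    for rec in parse_w3c(text):
        stem = rec["cs-uri-stem"].lower()
        if not stem.endswith(".aspx"):
            continue
        entry = stats[stem]
        if rec["cs-method"].upper() == "POST":
            entry["posts"] += 1
        entry["clients"].add(rec["c-ip"])
        entry["agents"].add(rec["cs(User-Agent)"])

    findings = []
    for stem, entry in sorted(stats.items()):
        if stem in known_pages or entry["posts"] < min_posts:
            continue
        findings.append({
            "uri": stem,
            "posts": entry["posts"],
            "clients": sorted(entry["clients"]),
            "agents": sorted(entry["agents"]),
        })
    return findings


if __name__ == "__main__":
    for hit in find_suspect_aspx(SAMPLE_LOG):
        print(f"{hit['uri']}: {hit['posts']} POSTs from {hit['clients']} "
              f"using {hit['agents']}")
```

On the constructed log this flags only `/uploads/img/thumb.aspx`, an .aspx file living under an upload directory and receiving POSTs from a single client with a non-browser User-Agent. The allowlist is the part that needs care in practice: generate it from the deployed site's content rather than by hand, and pair this log check with file-integrity monitoring of the web root so that a newly written .aspx file is caught even before it is used.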

“The use of a new ransomware demonstrates the actor’s additional efforts to enhance capabilities, as well as hardening attribution and detection efforts,” the researchers said. “Despite these new ‘covers,’ the group continues to follow its usual behavior and utilize similar tools and techniques as before.”


Agrius is far from the only Iranian state-sponsored group to engage in cyber operations targeting Israel. A report from Microsoft last month uncovered MuddyWater’s collaboration with another cluster dubbed Storm-1084 (aka DEV-1084) to deploy the DarkBit ransomware.

The findings also come as ClearSky disclosed that no fewer than eight websites associated with shipping, logistics, and financial services companies in Israel were compromised as part of a watering hole attack orchestrated by the Iran-linked Tortoiseshell group.

In a related development, Proofpoint revealed that regional managed service providers (MSPs) within Israel have been targeted by MuddyWater as part of a phishing campaign designed to initiate supply chain attacks against their downstream customers.

The enterprise security firm further highlighted escalating threats to small and medium-sized businesses (SMBs) from sophisticated threat groups, which have been observed leveraging compromised SMB infrastructure for phishing campaigns and financial theft.
