Security News > 2021 > May > Threat Actor ‘Agrius’ Emerges to Launch Wiper Attacks Against Israeli Targets

A new attack group called Agrius is launching damaging wiper attacks against Israeli targets, which researchers said are hiding behind ransomware to make their state-sponsored activities appear financially motivated.

Researchers added that the wiper attacks were conducted using a secondary malware called "Deadwood", which Sentinel Labs said has "Unconfirmed links to an Iranian threat group."

"An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets," Sentinel Labs explained.

"The operators behind the attacks intentionally masked their activity as ransomware attacks, an uncommon behavior for financially motivated groups. Considering this and the nature of the known targets, we assess this is a nation-sponsored threat group."

Ransomware has been used successfully in the past as a way for state actors to avoid direct blame for attacks, according to Sentinel Labs, which pointed to NotPetya attacks from 2017 and Russian state-sponsored attackers who targeted intelligence agencies in the west.

"In some cases, the group leveraged its access to deploy destructive wiper malware, and in others a custom ransomware. Considering this, we find it unlikely that Agrius is a financially motivated threat actor."

News URL

https://threatpost.com/agrius-wiper-attacks-israeli-targets/166474/