Data Wiper Malware Disguised As Ransomware Targets Israeli Entities

2021-05-26 08:30

Researchers on Tuesday disclosed a new espionage campaign that resorts to destructive data-wiping attacks targeting Israeli entities at least since December 2020 that camouflage the malicious activity as ransomware extortions.

"An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets," the researchers said.

"The operators behind the attacks intentionally masked their activity as ransomware attacks, an uncommon behavior for financially motivated groups."

NET malware called Apostle that has evolved to become fully functional ransomware, supplanting its prior wiper capabilities, while some of the attacks have been carried out using a second wiper named DEADWOOD after a logic flaw in early versions of Apostle prevented data from being erased.

The research adds to evidence that state-sponsored actors with ties to the Iranian government are increasingly looking at ransomware operations as a subterfuge technique to mimic other financially motivated cybercriminal ransomware groups.

"While being disruptive and effective, ransomware activities provide deniability, allowing states to send a message without taking direct blame," the researchers said.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/0r7p2tofaEA/data-wiper-malware-disguised-as.html

#israeli #malware #ransomware