New Iranian Group 'Agrius' Launches Destructive Cyberattacks on Israeli Targets
2021-05-27 08:32

Over the past year, an Iran-linked threat actor named Agrius has been observed launching destructive attacks on Israeli targets, disguised as ransomware attacks, according to endpoint security company SentinelOne.

Likely state-sponsored, the threat group initially engaged in cyberespionage attacks, but then attempted to extort victims, claiming to have exfiltrated and encrypted data.

In addition to Apostle, the threat group was observed using a wiper called DEADWOOD, which was previously used in an attack against a target in Saudi Arabia in 2019.

"Agrius is a new threat group that we assess with medium confidence to be of Iranian origin, engaged in both espionage and disruptive activity. The group leverages its own custom toolset, as well as publicly available offensive security tools, to target a variety of organizations in the Middle East," SentinelOne notes.

The researchers also point out that the group might be part of a larger, coordinated Iranian strategy that also includes the recently disclosed Pay2Key attacks.

The destructive nature of Agrius' attacks, which continued into May 2021, suggests that the group is not financially motivated.


News URL

http://feedproxy.google.com/~r/securityweek/~3/i_5kuzT8Ous/new-iranian-group-agrius-launches-destructive-cyberattacks-israeli-targets