Hackers use new Fantasy data wiper in coordinated supply chain attack
Security News, December 2022
The Iranian Agrius APT hacking group is using a new 'Fantasy' data wiper in supply-chain attacks impacting organizations in Israel, Hong Kong, and South Africa.
In this campaign, Agrius used a new wiper named 'Fantasy' hidden inside a software suite created by an Israeli vendor.
On March 12, 2022, Agrius deployed Host2IP and a new tool named 'Sandals' to spread the Fantasy wiper on reachable devices.
Sandals is a Windows executable that connects to systems on the same network via SMB and writes a batch file executed via PsExec to launch the Fantasy wiper.
The Fantasy data wiper is a 32-bit Windows executable.
Fantasy overwrites the content of each file with random data, sets timestamps to midnight 2037, and deletes it.
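The Sandals delivery chain described above (a batch file written over SMB, then launched through PsExec) can be hunted in Windows event logs. The following Python is an added example, not code from the original report; it assumes Detailed File Share auditing (event 5145) is enabled and that PsExec installs its default PSEXESVC service (event 7045), and the event field names and sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed events, not taken from the report. Field names are assumptions
# modelled on normalised Windows 5145 (file share access) and 7045 (service
# installed) records.
SAMPLE_EVENTS = [
    {"time": "2024-01-01T02:10:05", "host": "WS-01", "id": 5145,
     "share": r"\\*\ADMIN$", "target": "job.bat",
     "access": "WriteData (or AddFile)", "src_ip": "10.0.0.23"},
    {"time": "2024-01-01T02:10:09", "host": "WS-01", "id": 7045,
     "service": "PSEXESVC"},
    # Document written to a share: not a batch file, must not alert.
    {"time": "2024-01-01T03:00:00", "host": "WS-02", "id": 5145,
     "share": r"\\*\Docs", "target": "report.docx",
     "access": "WriteData (or AddFile)", "src_ip": "10.0.0.40"},
    # Admin use of PsExec with no preceding batch drop: must not alert.
    {"time": "2024-01-01T09:00:00", "host": "WS-03", "id": 7045,
     "service": "PSEXESVC"},
    # Batch drop and PsExec an hour apart: outside the default window.
    {"time": "2024-01-01T10:00:00", "host": "WS-04", "id": 5145,
     "share": r"\\*\C$", "target": "Temp\\cleanup.cmd",
     "access": "WriteData (or AddFile)", "src_ip": "10.0.0.41"},
    {"time": "2024-01-01T11:00:00", "host": "WS-04", "id": 7045,
     "service": "PSEXESVC"},
]

def find_batch_then_psexec(events, window=timedelta(minutes=5)):
    """Return (host, file, source IP) for each batch file written over SMB
    that is followed by a PSEXESVC install on the same host within `window`."""
    drops = {}  # host -> [(time, file, src_ip)]
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if (ev["id"] == 5145 and "WriteData" in ev.get("access", "")
                and ev.get("target", "").lower().endswith((".bat", ".cmd"))):
            drops.setdefault(ev["host"], []).append(
                (when, ev["target"], ev["src_ip"]))
        elif ev["id"] == 7045 and ev.get("service", "").upper() == "PSEXESVC":
            # Events are time-sorted, so every recorded drop precedes this install.
            for dropped_at, name, src in drops.get(ev["host"], []):
                if when - dropped_at <= window:
                    hits.append((ev["host"], name, src))
    return hits

if __name__ == "__main__":
    for host, name, src in find_batch_then_psexec(SAMPLE_EVENTS):
        print(f"{host}: {name} written from {src}, then PSEXESVC installed")
```

PsExec's `-r` option renames the remote service, so matching the default name is a starting point rather than full coverage.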