Hackers use new Fantasy data wiper in coordinated supply chain attack
Security News, December 2022
The Iranian Agrius APT hacking group is using a new 'Fantasy' data wiper in supply-chain attacks impacting organizations in Israel, Hong Kong, and South Africa.
In this campaign, Agrius used a new wiper named 'Fantasy' hidden inside a software suite created by an Israeli vendor.
On March 12, 2022, Agrius deployed Host2IP and a new tool named 'Sandals' to spread the Fantasy wiper on reachable devices.
Sandals is a Windows executable that connects to systems on the same network via SMB and writes a batch file executed via PsExec to launch the Fantasy wiper.
The Fantasy data wiper is a 32-bit Windows executable.
Fantasy overwrites the content of each file with random data, sets timestamps to midnight 2037, and deletes it.
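A triage sketch for the overwrite-and-timestamp behaviour described above, added here as an example and not taken from the original report or any vendor tool: it lists files left behind by an interrupted wipe, meaning files whose modification time lies in the future and whose content looks random. The entropy threshold, skew margin and sample size are assumptions, and the check is generalized to any future mtime because the page gives the timestamp only as "midnight 2037".

```python
import math
import os
import stat
import sys
import time
from collections import Counter

ENTROPY_MIN = 7.5      # bits/byte; assumed threshold for "looks random"
FUTURE_MARGIN = 86400  # seconds; assumed tolerance for clock skew
SAMPLE_BYTES = 65536   # only the head of each file is read

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspect_files(root, now=None):
    """Return sorted paths under root with a future mtime AND random-looking content."""
    now = time.time() if now is None else now
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
                # Skip symlinks, FIFOs, devices and files with a plausible mtime.
                if not stat.S_ISREG(st.st_mode) or st.st_mtime <= now + FUTURE_MARGIN:
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable or removed while scanning
            # Compressed or encrypted files are also high-entropy, which is why
            # the timestamp condition is required as well.
            if shannon_entropy(head) >= ENTROPY_MIN:
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    for p in suspect_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(p)
```

Very small files cannot reach the entropy threshold, so they are not reported; files the wiper already deleted have to be recovered from file-system metadata instead.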