Hackers use new Fantasy data wiper in coordinated supply chain attack
The Iranian Agrius APT hacking group is using a new 'Fantasy' data wiper in supply-chain attacks impacting organizations in Israel, Hong Kong, and South Africa.
In this campaign, Agrius used a new wiper named 'Fantasy' hidden inside a software suite created by an Israeli vendor.
On March 12, 2022, Agrius deployed Host2IP and a new tool named 'Sandals' to spread the Fantasy wiper on reachable devices.
Sandals is a Windows executable that connects to systems on the same network via SMB and writes a batch file executed via PsExec to launch the Fantasy wiper.
The Fantasy data wiper is a 32-bit Windows executable.
Fantasy overwrites the content of each file with random data, sets timestamps to midnight 2037, and deletes it.
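The timestamp behaviour described above leaves a trace that can be hunted for in filesystem metadata after the fact. The following triage sketch is an added example, not code from the original report or from any vendor: it scans a filesystem timeline for deleted records whose modified time is midnight in 2037 and groups them per host. The CSV layout, column names, host names and the exact date in the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample timeline (hypothetical export format, not real data).
# in_use=0 means the file record is marked deleted.
SAMPLE_TIMELINE = r"""host,path,modified,in_use
ws01,C:\Users\a\report.docx,2037-01-01 00:00:00,0
ws01,C:\Users\a\notes.txt,2037-01-01 00:00:00,0
ws02,D:\share\db.bak,2037-01-01 00:00:00,0
ws02,C:\Windows\notepad.exe,2021-06-05 10:12:44,1
ws03,C:\temp\clockskew.log,2037-03-04 15:20:01,1
ws03,C:\Users\b\old.tmp,2020-02-02 00:00:00,0
"""

def is_midnight_in_year(stamp: str, year: int) -> bool:
    """True if the timestamp falls in `year` with a 00:00:00 time component."""
    t = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    return t.year == year and (t.hour, t.minute, t.second) == (0, 0, 0)

def wiped_candidates(timeline_csv: str, year: int = 2037) -> dict:
    """Group deleted records stamped at midnight in `year` by host.

    Assumes the timeline is expressed in the same timezone the timestamps
    were written in; a shifted export would need the offset applied first.
    """
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(timeline_csv)):
        if row["in_use"] == "0" and is_midnight_in_year(row["modified"], year):
            hits[row["host"]].append(row["path"])
    return dict(hits)

def hosts_by_impact(hits: dict) -> list:
    """Hosts ordered by number of candidate files, most affected first."""
    return sorted(hits, key=lambda h: len(hits[h]), reverse=True)

if __name__ == "__main__":
    found = wiped_candidates(SAMPLE_TIMELINE)
    for host in hosts_by_impact(found):
        print(host, len(found[host]), "candidate file(s)")
        for path in found[host]:
            print("   ", path)
```

A future-dated timestamp alone (the ws03 clock-skew row) is not flagged; the combination of the 2037 midnight value and a deleted record is what the check keys on.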