Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack (Security News, December 2022)
An Iranian advanced persistent threat (APT) actor known as Agrius has been linked to a set of data-wiper attacks aimed at the diamond industry in South Africa, Israel, and Hong Kong.
The wiper, codenamed Fantasy by ESET, is believed to have been delivered via a supply chain attack targeting an Israeli software suite developer as part of a campaign that began in February 2022.
"The Fantasy wiper is built on the foundations of the previously reported Apostle wiper but does not attempt to masquerade as ransomware, as Apostle originally did," ESET researcher Adam Burgher disclosed in a Thursday analysis. "Instead, it goes right to work wiping data."
Agrius subsequently initiated the wiping attack via Fantasy on March 12, 2022, before striking other companies in Israel and Hong Kong on the same date.
The name of the Israeli company that fell victim to the supply chain attack was not disclosed by ESET, but evidence points to it being Rubinstein Software, which markets an enterprise resource planning solution called Fantasy that's used for jewelry stock management.
The APT33 hacking group, which is suspected of operating at the behest of the Iranian government, is said to have been behind multiple attacks that used the Shamoon wiper against targets located in the Middle East.
News URL
https://thehackernews.com/2022/12/iranian-hackers-strike-diamond-industry.html
Related news
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
- 390,000 WordPress accounts stolen from hackers in supply chain attack
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
- North Korean govt hackers linked to Play ransomware attack
- LottieFiles hit in npm supply chain attack targeting users' crypto
- LottieFiles hacked in supply chain attack to steal users' crypto
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks