Security News > 2023 > May > Iranian hackers use new Moneybird ransomware to attack Israeli orgs
A suspected Iranian state-supported threat actor known as 'Agrius' is now deploying a new ransomware strain named 'Moneybird' against Israeli organizations.
Check Point's researchers, who discovered the new ransomware strain, believe that Agrius developed it to help expand their operations, while the use of 'Moneybird' is yet another one of the threat group's attempts to cover their tracks.
In the next phase of the attack, Agrius fetches the Moneybird ransomware executable from legitimate file hosting platforms like 'ufile.io' and 'easyupload.io'.
Upon launch, the C++ ransomware strain will encrypt target files using AES-256 with GCM, generating unique encryption keys for every file and appending encrypted metadata at their end.
Unlike previous attacks linked to Agrius, Moneybird is believed to be ransomware, rather than a wiper, meant to generate revenue to fund the threat actors' malicious operations.
For Agrius, Moneybird is still an effective business-disruption tool, and further development leading to the release of newer, more capable versions might make it a formidable threat to a broader range of Israeli organizations.
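One way to hunt for the download step described above in web proxy logs, as an added example that is not from the article or from Check Point's report: it flags successful GETs to the two file-sharing hosts the article names and raises the severity when a server pulls binary content. The log format, the server subnet, the content-type list and every sample line are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# File-sharing hosts named in the article.
WATCHED_HOSTS = ("ufile.io", "easyupload.io")
# Assumptions: the subnet where servers live and what counts as binary content.
SERVER_NET = ipaddress.ip_network("10.0.5.0/24")
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload"}

# Constructed sample log: timestamp client method url status bytes content-type
SAMPLE_LOG = """\
2023-05-24T09:12:01Z 10.0.5.20 GET https://ufile.io/f/abc123 200 1843200 application/octet-stream
2023-05-24T09:12:40Z 10.0.8.77 GET https://www.easyupload.io/x9y8z7 200 20480 text/html
2023-05-24T09:13:05Z 10.0.8.77 GET https://notufile.io.example.com/a.exe 200 90112 application/octet-stream
2023-05-24T09:14:11Z 10.0.5.21 GET https://store-eu.easyupload.io/dl/file.bin 200 2201600 application/x-msdownload
2023-05-24T09:15:00Z 10.0.5.20 GET https://ufile.io/f/zzz 403 512 text/html
"""

def is_watched(host):
    """Match the domain itself or a subdomain, never a bare substring."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_HOSTS)

def find_downloads(log_text):
    """Return (timestamp, client, host, severity) for each successful fetch."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip lines that do not fit the assumed format
        ts, client, method, url, status, _size, ctype = fields
        host = urlsplit(url).hostname or ""
        if method != "GET" or status != "200" or not is_watched(host):
            continue
        try:
            on_server = ipaddress.ip_address(client) in SERVER_NET
        except ValueError:
            continue  # unparseable client address
        # A server fetching a binary from a consumer file host is rarely routine.
        severity = "high" if on_server and ctype in BINARY_TYPES else "review"
        hits.append((ts, client, host, severity))
    return hits

if __name__ == "__main__":
    for hit in find_downloads(SAMPLE_LOG):
        print(*hit)
```

Because both services are legitimate, blocking them outright may not be practical; scoping the high-severity rule to server subnets keeps the alert volume manageable.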