Iranian hackers use new Moneybird ransomware to attack Israeli orgs
A suspected Iranian state-supported threat actor known as 'Agrius' is now deploying a new ransomware strain named 'Moneybird' against Israeli organizations.
Check Point's researchers who discovered the new ransomware strain believe that Agrius developed it to help expand their operations, while the use of 'Moneybird' is yet another one of the threat group's attempts to cover their tracks.
In the next phase of the attack, Agrius fetches the Moneybird ransomware executable from legitimate file hosting platforms like 'ufile.io' and 'easyupload.io'.
Upon launch, the C++ ransomware strain will encrypt target files using AES-256 with GCM, generating unique encryption keys for every file and appending encrypted metadata at their end.
Unlike previous attacks linked to Agrius, Moneybird is believed to be ransomware, rather than a wiper, meant to generate revenue to fund the threat actors' malicious operations.
For Agrius, Moneybird is still an effective business-disruption tool, and further development leading to the release of newer, more capable versions might make it a formidable threat to a broader range of Israeli organizations.
Related news
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)