Security News > 2023 > May > Iranian hackers use new Moneybird ransomware to attack Israeli orgs
A suspected Iranian state-supported threat actor known as 'Agrius' is now deploying a new ransomware strain named 'Moneybird' against Israeli organizations.
Check Point's researchers who discovered the new ransomware strain believe that Agrius developed it to help expand their operations, while the use of 'Moneybird' is yet another one of the threat group's attempts to cover their tracks.
In the next phase of the attack, Agrius fetches the Moneybird ransomware executable from legitimate file hosting platforms like 'ufile.io' and 'easyupload.io.
Upon launch, the C++ ransomware strain will encrypt target files using AES-256 with GCM, generating unique encryption keys for every file and appending encrypted metadata at their end.
Unlike previous attacks linked to Agrius, Moneybird is believed to be ransomware, rather than a wiper, meant to generate revenue to fund the threat actors' malicious operations.
For Agrius Moneybird is still an effective business-disruption tool, and further development leading to the release of newer, more capable versions might make it a formidable threat to a broader range of Israeli organizations.
News URL
Related news
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- Iranian hackers charged for ‘hack-and-leak’ plot to influence election (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)