Security News > 2023 > May > Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware
The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations.
Agrius, also known as Pink Sandstorm, has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of ransomware infections.
Unlike Apostle, Moneybird is programmed in C++. "The use of a new ransomware, written in C++, is noteworthy, as it demonstrates the group's expanding capabilities and ongoing effort in developing new tools," Check Point researchers Marc Salinas Fernandez and Jiri Vinopal said.
"The use of a new ransomware demonstrates the actor's additional efforts to enhance capabilities, as well as hardening attribution and detection efforts," the researchers said.
Agrius is far from the only Iranian state-sponsored group to engage in cyber operations targeting Israel.
A report from Microsoft last month uncovered MuddyWater's collaboration with another cluster dubbed Storm-1084 to deploy the DarkBit ransomware.
News URL
https://thehackernews.com/2023/05/iranian-agrius-hackers-targeting.html
Related news
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- US charges Russian-Israeli as suspected LockBit ransomware coder (source)