Security News > 2023 > May > Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware
The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations.
Agrius, also known as Pink Sandstorm, has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of ransomware infections.
Unlike Apostle, Moneybird is programmed in C++. "The use of a new ransomware, written in C++, is noteworthy, as it demonstrates the group's expanding capabilities and ongoing effort in developing new tools," Check Point researchers Marc Salinas Fernandez and Jiri Vinopal said.
"The use of a new ransomware demonstrates the actor's additional efforts to enhance capabilities, as well as hardening attribution and detection efforts," the researchers said.
Agrius is far from the only Iranian state-sponsored group to engage in cyber operations targeting Israel.
A report from Microsoft last month uncovered MuddyWater's collaboration with another cluster dubbed Storm-1084 to deploy the DarkBit ransomware.
News URL
https://thehackernews.com/2023/05/iranian-agrius-hackers-targeting.html
Related news
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Iranian hackers charged for ‘hack-and-leak’ plot to influence election (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)