Security News > 2023 > May > Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware
The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations.
Agrius, also known as Pink Sandstorm, has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of ransomware infections.
Unlike Apostle, Moneybird is programmed in C++. "The use of a new ransomware, written in C++, is noteworthy, as it demonstrates the group's expanding capabilities and ongoing effort in developing new tools," Check Point researchers Marc Salinas Fernandez and Jiri Vinopal said.
"The use of a new ransomware demonstrates the actor's additional efforts to enhance capabilities, as well as hardening attribution and detection efforts," the researchers said.
Agrius is far from the only Iranian state-sponsored group to engage in cyber operations targeting Israel.
A report from Microsoft last month uncovered MuddyWater's collaboration with another cluster dubbed Storm-1084 to deploy the DarkBit ransomware.
News URL
https://thehackernews.com/2023/05/iranian-agrius-hackers-targeting.html
Related news
- Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore (source)
- U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems (source)
- Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware (source)
- Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years (source)