Security News > 2023 > May > Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware
The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations.
Agrius, also known as Pink Sandstorm, has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of ransomware infections.
Unlike Apostle, Moneybird is programmed in C++. "The use of a new ransomware, written in C++, is noteworthy, as it demonstrates the group's expanding capabilities and ongoing effort in developing new tools," Check Point researchers Marc Salinas Fernandez and Jiri Vinopal said.
"The use of a new ransomware demonstrates the actor's additional efforts to enhance capabilities, as well as hardening attribution and detection efforts," the researchers said.
Agrius is far from the only Iranian state-sponsored group to engage in cyber operations targeting Israel.
A report from Microsoft last month uncovered MuddyWater's collaboration with another cluster dubbed Storm-1084 to deploy the DarkBit ransomware.
News URL
https://thehackernews.com/2023/05/iranian-agrius-hackers-targeting.html
Related news
- LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada (source)
- Ransomware can mean life or death at hospitals. DEF CON hackers to the rescue? (source)
- Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (source)
- Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate (source)
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)
- Iranian hackers pose as journalists to push backdoor malware (source)