Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Iranian Hackers Launches Destructive Cyberattacks on Israeli Tech and Education Sectors

    justmattgBy justmattgNovember 6, 2023No Comments3 Mins Read

    [ad_1]

    Nov 06, 2023NewsroomCyber War / Malware

    Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware.

    The intrusions, which took place as recently as October, have been attributed to an Iranian nation-state hacking crew it tracks under the name Agonizing Serpens, which is also known as Agrius, BlackShadow and Pink Sandstorm (previously Americium).

    “The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property,” Palo Alto Networks Unit 42 said in a new report shared with The Hacker News.

    Cybersecurity

    “Once the attackers stole the information, they deployed various wipers intended to cover the attackers’ tracks and to render the infected endpoints unusable.”

    This includes three different novel wipers such as MultiLayer, PartialWasher, and BFG Agonizer, as well as a bespoke tool to extract information from database servers known as Sqlextractor.

    Active since at least December 2020, Agonizing Serpens has been linked to wiper attacks targeting Israeli entities. Earlier this May, Check Point detailed the threat actor’s use of a ransomware strain called Moneybird in its attacks targeting the country.

    The latest set of attacks entails weaponizing vulnerable internet facing web servers as initial access routes to deploy web shells and conduct reconnaissance of the victim networks and steal credentials of users with administrative privileges.

    A lateral movement phase is followed by data exfiltration using a mix of public and custom tools like Sqlextractor, WinSCP, and PuTTY, and finally deliver the wiper malware –

    • MultiLayer, a .NET malware that enumerates files for either deletion or corrupting them with random data to resist recovery efforts and render the system unusable by wiping the boot sector.
    • PartialWasher, a C++-based malware to scan drives and wipe specified folders and its subfolders.
    • BFG Agonizer, a malware that heavily relies on an open-source project called CRYLINE-v5.0.
    Cybersecurity

    The links to Agrius stems from multiple code overlaps with other malware families like Apostle, IPsec Helper, and Fantasy, which have been identified as previously used by the group.

    “It appears that the Agonizing Serpens APT group has recently upgraded their capabilities and they are investing great efforts and resources to attempt to bypass EDR and other security measures,” Unit 42 researchers said.

    “To do so, they have been rotating between using different known proof-of-concept (PoC) and pentesting tools as well as custom tools.”

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous Article‘KandyKorn’ macOS Malware Lures Crypto Engineers
    Next Article Name That Edge Toon: Out for the Count
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑