Iran-based Agrius deploys Fantasy wiper to attack IT firms in Israel

Threat Level – Red | Vulnerability Report
Download PDF

Iran-based Agrius group has targeted Israel and the United Arab Emirates since 2020. In the beginning, the group deployed a wiper called Apostle, disguised as ransomware, which was later modified into full-fledged ransomware. Known for exploiting internet-facing vulnerabilities, Agrius uses web shells to conduct internal reconnaissance before moving lateral and deploying its malicious payloads.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox