Newly Spotted Agrius APT Targets Entities in Israel and UAE
Agrius APT is a newly identified attack group whose activities have been closely tracked since 2020. The group's primary targets appear to be citizens and companies based in Israel, and there is strong evidence that the group might have close ties to the Iranian government. The Agrius Advanced Persistent Threat (APT) hackers appear to use both public and private malware families in their attacks. For example, they have been planting the open-source ASPXSpy malware on compromised networks, but they have also relied on a previously unidentified ransomware/wiper called Apostle.
Although financially motivated attacks appear to be their primary goal, they may also engage in espionage and data theft operations through the use of web shells. Although the primary part of their network infrastructure is situated in Iran, some of Agrius APT's implants have also made connections to addresses in Pakistan, Saudi Arabia, and the United Arab Emirates.
While most of the networks compromised by the Agrius APT are in Israel, some of the malicious implants have been traced to other regions in the Middle East. For example, the United Arab Emirates has also been targeted in the group's previous campaigns.