
Data Wiper Malware Disguised As Ransomware Targets Israeli Entities

Cybersecurity firm SentinelOne attributed the attacks to a nation-state actor affiliated with Iran that it tracks under the moniker “Agrius”. The group’s modus operandi involves deploying a custom .NET malware called Apostle that has evolved to become a fully functional ransomware, supplanting its prior wiper capabilities. Some of the attacks have been carried out using a second wiper named Deadwood (aka Detbosit) after a logic flaw in early versions of Apostle prevented data from being erased. According to the researchers, the operators behind the attacks intentionally masked their activity as ransomware attacks, an uncommon behavior for financially motivated groups.

