Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims’ networks for months. The threat actor, tracked as Agrius, has targeted Israel starting with December 2020. The group has also developed their own custom.NET malware named ‘IPsec Helper’ designed to provide the threat actor with basic backdoor capabilities to deliver additional malware on compromised hosts and exfiltrate data. The attackers have used multiple attack vectors, including. CVE-2018-13379 exploits, and exploits targeting various 1-day web app vulnerabilities.
Source: https://www.bleepingcomputer.com/news/security/iranian-hacking-group-targets-israel-with-wiper-disguised-as-ransomware/