A likely Iran-backed advanced persistent threat (APT) group has been observed deploying data wiping malware and ransomware attacks against organizations in Israel since around November 2020. Researchers attributed the attacks to “Agrius,” a new threat actor that started off conducting cyber espionage but has since focused on more destructive operations. The group’s preferred tactic for initial access is to try and exploit known vulnerabilities in an organization’s public-facing Web applications. Most of the attacks that Agrius has launched have been from popular VPN services such as ProtonVPN.”]