Weekly Intelligence Summary
Published by Jonathan Brown on June 30th, 2021 12:29pm.
"A newly identified advanced persistent threat group, “Agrius”, has been exposed as the perpetrator of destructive attacks against Israeli organizations since late 2020. Although operating with similar tactics, techniques, and procedures (TTPs) as other APT groups, Agrius has been updating its wiper malware with ransomware functionality. This is likely an attempt to mask its activity’s true (destructive) nature, as well as complicate attribution. Agrius’s TTPs and targeting have shown parallels with certain Iranian state-associated APT groups, although an Agrius-Iran link cannot be definitively confirmed. Regardless of the group’s origin, its use of ransomware as a “false flag” demonstrates ransomware’s growing threat and appeal to a variety of threat actors."

Reprinted verbatim, with permission, from the Digital Shadows weekly email newsletter, June 21, 2021.