DIRECTORY

  • Alerts
  • APTs
  • Blog
  • Books
  • Certifications
  • Cheat Sheets
  • Courses
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Definitions
  • Domains
  • Entertainment
  • FAQ
  • Frameworks
  • Hardware Tools
  • Incidents
  • Malware
  • News
  • Papers
  • Podcasts
  • Quotes
  • Reports
  • Tools
  • Threats
  • Tutorials
No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
Get Help
CyberMaterial
Home Alerts

Iranian Threat Actor Deploys Ransomware

May 25, 2023
Reading Time: 2 mins read
in Alerts

A suspected Iranian state-supported threat actor called ‘Agrius’ has launched a new ransomware strain called ‘Moneybird’ to target Israeli organizations. Agrius has been actively conducting attacks in Israel and the Middle East region since at least 2021, using various aliases and deploying destructive data wipers.

The introduction of ‘Moneybird’ is believed to be part of Agrius’ strategy to expand their operations while masking their activities.

To gain access to corporate networks, Agrius initially exploits vulnerabilities in public-facing servers. They then utilize Israel-based ProtonVPN nodes to deploy webshells hidden inside “Certificate” text files.

Agrius employs open-source tools for network reconnaissance, lateral movement, secure communication, credential stealing, and data exfiltration. The Moneybird ransomware executable is obtained from legitimate file hosting platforms like ‘ufile.io’ and ‘easyupload.io’.

Upon execution, the Moneybird ransomware encrypts target files using AES-256 with GCM, generating unique encryption keys for each file. It specifically targets the “F:\User Shares” folder used for corporate documents and collaboration files, indicating a focus on causing business disruption.

Data restoration and file decryption become extremely challenging due to the complex private key generation process involving system GUID, file content, path, and random numbers.

Although Moneybird is a revenue-generating ransomware strain, the high ransom demand suggests that Agrius anticipated the unlikelihood of payment and intended to cause significant damage.

Check Point Research noted that negotiations were unlikely due to the exorbitant demand, making the attack essentially destructive. While Moneybird lacks customization options for mass campaigns, it remains an effective tool for Agrius’ business-disruption objectives, with the potential for further development and more potent versions in the future.

Read More

Tags: AgriusAlertsAlerts 2023IsraelMay 2023MoneybirdRansomware
3
VIEWS
ADVERTISEMENT

Related Posts

Brazilian Hackers Target Portuguese Banks

Brazilian Hackers Target Portuguese Banks

May 26, 2023
Gaming Under Attack: Dark Frost Botnet

Gaming Under Attack: Dark Frost Botnet

May 26, 2023
D-Link Fixes Critical Vulnerabilities

D-Link Fixes Critical Vulnerabilities

May 26, 2023
Encrypted RPMSG Phishing: Targeting Accounts

Encrypted RPMSG Phishing: Targeting Accounts

May 26, 2023

More Articles

Incidents

Bad Magic: Russian cyberattacks

March 22, 2023
Book

Practical Mobile Forensics

April 18, 2023

T-Mobile Investigating Claims of Massive Customer Data Breach

August 16, 2021
Entertainment

Southern Fried Security – Podcast

September 27, 2020

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.