The Iranian regime has long used cyber warfare as a critical component of its soft-target approach, but has begun to deploy an especially threatening new actor as it targets its number one foe, Israel.
According to a recent report by cybersecurity and intelligence firm SentinelLabs, a new Iran-linked hacker group named Agrius has been targeting Israel since the beginning of this year.
While it focused at first on espionage activity, security experts detected that the infiltrators also initiated a series of “wiper” attacks against Israeli targets – masquerading as ransomware attacks but designed to destroy important data.
“What is different now is that Iran is trying to hide the true goal of its cyberattacks – destroying data – behind the mask of ransomware,” explained Karim Hijazi, CEO of Prevailion, a Houston-based cyber intelligence company.
By disguising the attack, Hijazi said, Iran can confuse its victims, making them think they are dealing with a financially motivated cyberattack that can be negotiated. In reality, the hackers are trying to cause as much damage as they can.
“Victims will lose valuable time because of this, as they will be focused on restoring data from their backups instead of preventing the attacker from causing more damage,” he added.
“This technique can also make it harder to attribute the attack, as it takes on the appearance of a criminal group, as opposed to a nation-state.”
According to the SentinelLabs report, the attacks were executed using a backdoor called “IPSEC Helper” and a unique wiper termed “Apostle.”
“The message inside it suggests it was used to target a critical, nation-owned facility in the United Arab Emirates,” it said. “The similarity to its wiper version, as well as the nature of the target in the context of regional disputes, leads us to believe that the operators behind it are utilizing ransomware for its disruptive capabilities.”
Read the complete article at: CNS News