Threat Group Cards: A Threat Actor Encyclopedia

Names	Agrius (SentinelLabs) DEV-0227 (Microsoft)
Country	Iran
Motivation	Information theft and espionage, Sabotage and destruction
First seen	2020
Description	(SentinelLabs) A new threat actor SentinelLabs track as Agrius was observed operating in Israel beginning in 2020. An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets. The operators behind the attacks intentionally masked their activity as ransomware attacks.
Observed	Countries: Israel.
Tools used	Apostle, ASPXSpy, DEADWOOD, IPsec Helper.
Information	<https://assets.sentinelone.com/sentinellabs/evol-agrius>

Last change to this card: 03 February 2022

Download this actor card in PDF or JSON format