ETDA: Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Agrius

Names: Agrius (SentinelLabs), DEV-0227 (Microsoft), BlackShadow (Kaspersky)
Country: Iran
Motivation: Information theft and espionage, Sabotage and destruction
First seen: 2020
Description: (SentinelLabs) A new threat actor SentinelLabs tracks as Agrius was observed operating in Israel beginning in 2020. An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets. The operators behind the attacks intentionally masked their activity as ransomware attacks.
Observed: Countries: Hong Kong, Israel, South Africa.
Tools used: Apostle, ASPXSpy, DEADWOOD, Fantasy, IPsec Helper.
Operations performed: Feb 2022: Fantasy – a new Agrius wiper deployed through a supply‑chain attack

Last change to this card: 01 January 2023
