Names | Agrius (SentinelLabs), DEV-0227 (Microsoft), BlackShadow (Kaspersky) | |
Country | | |
Motivation | Information theft and espionage, Sabotage and destruction | |
First seen | 2020 | |
Description | (SentinelLabs) A new threat actor SentinelLabs track as Agrius was observed operating in Israel beginning in 2020. An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets. The operators behind the attacks intentionally masked their activity as ransomware attacks. | |
Observed | Countries: Hong Kong, Israel, South Africa. | |
Tools used | Apostle, ASPXSpy, DEADWOOD, Fantasy, IPsec Helper. | |
Operations performed | Feb 2022 | Fantasy – a new Agrius wiper deployed through a supply‑chain attack <https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/> |
Information | <https://assets.sentinelone.com/sentinellabs/evol-agrius> |
Last change to this card: 01 January 2023
Digital Service Security Center