Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific

Iran-Linked Agrius APT Group Targets Israeli Education, Tech Sectors

The attackers also use custom wipers to cover their tracks and bypass EDR.

Israeli and Iranian flags painted on a wall
Source: Zoonar GmbH via Alamy Stock Photo

A series of attacks has targeted the Israeli higher education and technology sectors throughout this year, stealing personal information and disabling endpoints.

Research by Palo Alto Networks' Unit 42 found the attackers — which it identified as the advanced persistent threat (APT) Agonizing Serpens (aka Agrius, BlackShadow, Pink Sandstorm, and DEV-0022), linked to Iran — were able to exploit Internet-facing Web servers, and deploy multiple Web shells into their targets in order to get a foothold in a network.

Typical attacks from Agonizing Serpens involve stealing sensitive information that includes PII and intellectual property, which is then published on social media or Telegram channels "to sow fear or inflict reputational damage." In the recent string of Israeli attacks, the group stole ID numbers, passport scans, and email and postal addresses.

The researchers from Unit 42 did not specifically name any of the targets, but confirmed that only Israeli organizations were affected by the attacks.

The attackers also use custom wipers to render endpoints unusable and to cover their tracks. This tactic was first detected in attacks conducted in 2021; it has resurfaced as the attackers place an emphasis on stealth and evasive techniques to bypass security solutions such as endpoint detection and response (EDR).

About the Author

Dan Raywood, Senior Editor, Dark Reading

With more than 20 years experience of B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights