Iranian APT Targets Israeli Education, Tech Sectors With New Data Wipers
An Iranian advanced persistent threat (APT) group known as Agrius has been targeting higher education and technology organizations in Israel since January 2023. The APT, believed to be sponsored by the Iranian government, has been carrying out espionage and destructive attacks, primarily in Israel and the United Arab Emirates. It has also targeted a diamond industry firm in South Africa. The group steals personally identifiable information (PII) and intellectual property, and has deployed wipers to cover its tracks. It exploits vulnerable web-facing servers and uses various tools for reconnaissance, credential theft, lateral movement, and data exfiltration. The APT has also attempted to execute different wipers during attacks, upgrading its capabilities to bypass security solutions.