Ransomware, Threat Management
Israel organizations under attack from Iranian hackers
Separate cyberattacks have been launched by Iranian advanced persistent threat groups against Israel-based entities, according to The Record, a news site by cybersecurity firm Recorded Future.
Organizations across the country have been targeted by the Agrius APT with the new Moneybird ransomware strain, indicative of the operation's growing arsenal of tools after having used the Apostle ransomware in most of its previous attacks, a report from Check Point's Incident Response Team.
Such attacks involved the compromise of public web servers to facilitate the delivery of unique ASPXSPY script variants before proceeding with data exfiltration and reconnaissance activities.
"Moneybird, like many other ransomware, is a grim reminder of the importance of good network hygiene, as significant parts of the activity could have been prevented early on," said researchers.
Meanwhile, a separate report from ClearSky noted that eight Israeli shipping and logistics websites have been subjected to watering hole attacks by suspected Iranian state-sponsored APT operation Tortoiseshell, also known as Imperial Kitten and TA456.
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds