A new ransomware variant called “Moneybird” is currently being used by the threat actor “Agrius,” which is thought to be funded by the Iranian government, to target Israeli organisations.
Since at least 2021, Agrius has been using various identities to deliberately target organisations in Israel and the Middle East while using data wipers in disruptive attacks.
Researchers from Check Point who found the new ransomware strain believe that Agrius created it to aid in the growth of their activities, and that the threat group’s use of “Moneybird” is just another effort to hide their footprints.
Modus operandi
According to Check Point researchers, threat actors first acquire access to company networks by taking advantage of flaws in servers that are visible to the public, giving Agrius its first network footing.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: