Diamond industry big players hit by Iranian APT


Major companies in the diamond industry (and a couple of adjacent ones) have been hit by a brand new data wiper courtesy of a known Iran-based advanced persistent threat (APT) group. 

Cybersecurity researchers from ESET’s welivesecurity arm have recently discovered Agrius, a threat actor that initiated a supply chain attack against an Israeli software developer and through it, a number of diamond businesses across three continents.

In a research report, ESET said the Israeli firm was targeted by Agrius’ new data wiper, called Fantasy. This wiper is based on Agrius’ previous tool, Apostle, but with notable differences.

Building on Apostle

“The Fantasy wiper is built on the foundations of the previously reported Apostle wiper but does not attempt to masquerade as ransomware, as Apostle originally did,” the company said. “Instead, it goes right to work wiping data. Victims were observed in South Africa – where reconnaissance began several weeks before Fantasy was deployed – Israel and Hong Kong.”

The researchers suspect Agrius targeted the Israeli company’s software update mechanisms, which allowed them to infect endpoints belonging to its clients - a diamond seller and an HR consulting firm in Israel, a diamond company in South Africa, and a jeweler in Hong Kong. 

The threat actor sought out known vulnerabilities in internet-facing applications and used them to deploy web shells. That allowed them to maintain persistence on the target networks, move laterally, and ultimately deliver the malicious payload.

“Since its discovery in 2021, Agrius has been solely focused on destructive operations,” the researchers explained further. “Fantasy is similar in many respects to the previous Agrius wiper, Apostle, that initially masqueraded as ransomware before being rewritten to be actual ransomware.”

Fantasy, on the other hand, “makes no effort to disguise itself as ransomware. Agrius operators used a new tool, Sandals, to connect remotely to systems and execute Fantasy.”

Via: Infosecurity Magazine

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
