Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware.
The intrusions, which took place as recently as October, have been attributed to an Iranian nation-state hacking crew that Palo Alto Networks Unit 42 tracks under the name Agonizing Serpens, also known as Agrius, BlackShadow, and Pink Sandstorm (previously Americium).
"The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property," Palo Alto Networks Unit 42 said in a new report shared with The Hacker News.
"Once the attackers stole the information, they deployed various wipers intended to cover the attackers' tracks and to render the infected endpoints unusable."
These include three previously undocumented wipers, MultiLayer, PartialWasher, and BFG Agonizer, as well as a bespoke tool for extracting information from database servers, known as Sqlextractor.
Active since at least December 2020, Agonizing Serpens has been linked to wiper attacks targeting Israeli entities. Earlier this May, Check Point detailed the threat actor's use of a ransomware strain called Moneybird in its attacks targeting the country.
The latest set of attacks entails weaponizing vulnerable internet-facing web servers as the initial access route, deploying web shells, conducting reconnaissance of the victim networks, and stealing the credentials of users with administrative privileges.
A lateral movement phase is followed by data exfiltration using a mix of public and custom tools such as Sqlextractor, WinSCP, and PuTTY, and finally by delivery of the wiper malware:
MultiLayer, a .NET malware that enumerates files and either deletes them or corrupts them with random data to resist recovery efforts, and that renders the system unusable by wiping the boot sector.
PartialWasher, a C++-based malware that scans drives and wipes specified folders and their subfolders.
BFG Agonizer, a malware that heavily relies on an open-source project called CRYLINE-v5.0.
The links to Agrius stem from multiple code overlaps with other malware families, such as Apostle, IPsec Helper, and Fantasy, which have previously been identified as used by the group.
"It appears that the Agonizing Serpens APT group has recently upgraded their capabilities and they are investing great efforts and resources to attempt to bypass EDR and other security measures," Unit 42 researchers said.
"To do so, they have been rotating between using different known proof-of-concept (PoC) and pentesting tools as well as custom tools."