The website “ars Technica”, which specializes in technical affairs and information technology, said that American researchers have discovered a unique malicious program that specializes in scanning data and has the ability to disguise in the form of ransomware that launched “destructive attacks” on Israeli targets.
The researchers – who are from the US cybersecurity company Sentinel One in California – stated in a statement last Tuesday that they had concluded with high accuracy based on the code and servers reported by the discovered program that it was used by a newly discovered hacker group. It has links to the Iranian government.
The researchers said the program was used against a sensitive facility in the UAE, but that its primary target was Israel.
They confirmed that a new hacker group named “Agrius” first used the malicious software as a hard disk drive “HDD” although it contained a software bug that prevented it from doing so, before moving on to an alternative scanning program called “Deadwood” ), But she managed to develop the first and turn it into a fully-fledged ransomware program.
The ransomware program is a malicious program that restricts access to the computer system that it infects, and the program demands that its maker pay a ransom for access to the files, and some types of it encrypt files on the target system’s hard drive, and display messages asking the user to pay.
The group also uses an offensive method that enables it to move more easily inside the compromised networks, and its affiliates use a “virtual private network” “VPN” developed by the Swiss company Proton to hide IP addresses. Their own.
The site confirms that the Iranian-sponsored pirates already had a tendency to use disk scanner software in the past, in 2012 a self-cloning malware targeted the Saudi Aramco network, permanently destroying the hard drives of more than 30,000 workstations, and researchers later identified the scanning virus. Which was popularly known as “Shimon,” and they said was made by Iran.
In 2016, Shamoun reappeared during a cyber attack targeting several institutions inside Saudi Arabia, including government agencies.
In 2019, experts discovered a new Iranian scanning virus, known as ZeroCleare.
More technology
