November 6, 2023 at 06:00AM
Israeli higher education and tech sectors were targeted in a series of cyber attacks by the Iranian nation-state hacking crew known as Agonizing Serpens. The attackers aimed to steal sensitive data and then deploy wiper malware to cover their tracks and render infected endpoints unusable. The group has been linked to previous attacks using ransomware and has recently upgraded its capabilities to bypass security measures.
Summary:
– Israeli higher education and tech sectors have been targeted by destructive cyber attacks since January 2023.
– The attacks are attributed to a hacking group called Agonizing Serpens, also known as Agrius, BlackShadow, and Pink Sandstorm.
– The attackers aim to steal sensitive data, such as personally identifiable information (PII) and intellectual property.
– After stealing the information, the attackers deploy various wipers to cover their tracks and render the infected endpoints unusable.
– The wipers used include MultiLayer, PartialWasher, and BFG Agonizer.
– Agonizing Serpens has been active since December 2020 and has been linked to ransomware attacks using Moneybird.
– The latest attacks involve exploiting vulnerable internet-facing web servers, deploying web shells, conducting reconnaissance, stealing credentials, and exfiltrating data using tools like Sqlextractor, WinSCP, and PuTTY.
– Agonizing Serpens has been upgrading its capabilities to bypass security measures and uses a mix of known proof-of-concept tools and custom tools.