November 7, 2023 at 12:34PM
Throughout this year, Israel’s higher education and technology sectors have been targeted by a series of attacks. The attackers, identified as the Iran-associated advanced persistent threat (APT) group Agonizing Serpens, have exploited Web servers and deployed Web shells to gain access to networks. The attacks involve stealing sensitive information, which is then published to cause fear or damage reputations. The group has stolen ID numbers, passport scans, email addresses, and postal addresses. They also use custom wipers to render endpoints unusable and to evade security solutions.
The series of attacks targeted the Israeli higher education and technology sectors. The attackers, known as Agonizing Serpens and by other aliases such as Agrius, BlackShadow, Pink Sandstorm, and DEV-0022, are linked to Iran. The attacks involve exploiting Internet-facing Web servers and deploying multiple Web shells to gain access to the network. Agonizing Serpens typically steals sensitive information, including personally identifiable information (PII) and intellectual property, which the group publishes on social media or Telegram channels to cause fear or damage reputations. In the recent attacks against Israeli organizations, ID numbers, passport scans, email addresses, and postal addresses were stolen. The attackers also employ custom wipers to render endpoints unusable and cover their tracks. This tactic was first detected in 2021 and has resurfaced as the attackers focus on evasive techniques to bypass security solutions like endpoint detection and response (EDR).