Iranian state-sponsored hacking operation Agonizing Serpens, also known as BlackShadow and Agrius, has attacked Israeli education and tech organizations amid the country's ongoing war with Palestinian militant group Hamas, reports The Record, a news site by cybersecurity firm Recorded Future.
Agonizing Serpens exploited vulnerable internet-exposed web servers to facilitate the intrusions, which ran from January to October, according to a Palo Alto Networks report.
After leveraging various means to secure the credentials of users with admin privileges, Agonizing Serpens stole intellectual property and personal data and deployed wiper malware strains. The latest attacks involved the novel PartialWasher, BFG Agonizer Wiper, MultiLayer Wiper, and the Sqlextractor custom tool that facilitated database server information exfiltration. These tools were also found to have similarities with old wipers used by the operation, suggesting the same codebase or set of developers, said the report.