New wiper malware deployed in Iranian supply-chain attack

Iran-linked threat operation Agrius has leveraged the new Fantasy data wiper malware in a supply-chain attack targeting South Africa-, Israel-, and Hong Kong-based diamond companies, as well as Israeli HR and IT consulting firms since February, according to The Record, a news site by cybersecurity firm Recorded Future. Agrius commenced the attack on Feb. 20, when it targeted a South African diamond firm with a credential harvesting tool that facilitated username, password, and hostname theft, before deploying the wiper on the company, along with the Israeli firms and the Hong Kong jeweler less than a month later, an ESET report revealed. Agrius took only less than three hours to conduct the campaign but Fantasy has been blocked by researchers from destroying compromised data. "Fantasy is similar in many respects to the previous Agrius wiper, Apostle, that initially masqueraded as ransomware before being rewritten to be actual ransomware. Fantasy makes no effort to disguise itself as ransomware," said researchers.