Home > List all groups > Agrius

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Agrius

NamesAgrius (SentinelLabs)
CountryIran Iran
MotivationInformation theft and espionage, Sabotage and destruction
First seen2020
Description(SentinelLabs) A new threat actor SentinelLabs track as Agrius was observed operating in Israel beginning in 2020. An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets. The operators behind the attacks intentionally masked their activity as ransomware attacks.
ObservedCountries: Israel.
Tools usedApostle, ASPXSpy, DEADWOOD, IPsec Helper.

Last change to this card: 14 June 2021

Download this actor card in PDF or JSON format

Previous: Aggah
Next: Allanite

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key