The site Ars Technica, which specializes in technical affairs and information technology, reported that American researchers have discovered unique malware specialized in wiping data that can disguise itself as ransomware and that has launched “devastating attacks” on Israeli targets.
The researchers, who are from the American cyber security company SentinelOne in California, said in a statement last Tuesday that they concluded with a high degree of confidence, based on the code and the servers the discovered program reported to, that it was used by a newly discovered group of hackers that has links with the Iranian government.
The researchers said the program was used against a sensitive facility in the UAE, but that its primary target was Israel.
They confirmed that a new hacker group named “Agrius” first used the malicious software to wipe hard disk drives (HDDs), although it contained a software bug that prevented it from doing so, before moving on to an alternative wiper program called “Deadwood”. The group later managed to develop the first program further and turn it into fully fledged ransomware.
Ransomware is a type of malicious program that restricts access to the computer system it infects and demands that a ransom be paid to its maker in order to regain access to the files. Some types encrypt the files on the hard disk of the target system and display messages asking the user to pay.
The group also uses an offensive method that enables it to move more easily inside the compromised networks, and its members use a virtual private network (VPN) developed by the Swiss company Proton to hide their own IP addresses.
The site confirms that Iranian-sponsored hackers already had a tendency to use disk wiper software in the past. In 2012, self-replicating malware targeted the Saudi Aramco network, permanently destroying the hard drives of more than 30,000 workstations. Researchers later identified the virus, which was known as “Shamoon”, and said that it was made by Iran.
In 2016, Shamoon reappeared during a cyber attack targeting several institutions inside Saudi Arabia, including government agencies.
In 2019, experts discovered a new Iranian wiper virus, known as ZeroCleare.