An Iranian advanced persistent threat (APT) actor known as Agrius has been attributed as behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong.
The wiper, referred to as Fantasy by ESET, is believed to have been delivered via a supply-chain attack targeting an Israeli software suite developer as part of a campaign that began in February 2022.
Victims include HR firms, IT consulting companies, and a diamond wholesaler in Israel; a South African entity working in the diamond industry; and a jeweler based in Hong Kong.
“The Fantasy wiper is built on the foundations of the previously reported Apostle wiper but does not attempt to masquerade as ransomware, as Apostle originally did, ESET researcher Adam Burgher disclosed in a Wednesday analysis. “Instead, it goes right to work wiping data.”
Apostle was first documented by SentinelOne in May 2021 as a wiper-turned-ransomware that was deployed in destructive attacks against Israeli targets.
