Agrius

Also known as: Agonizing Serpens, Agrius, AMERICIUM, BlackShadow, Pink Sandstorm, DEV-0022, UNC2428, Black Shadow, SPECTRAL KITTEN

Agrius is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middle East, with an emphasis on Israeli targets. SentinelOne Agrius 2021 CheckPoint Agrius 2023 Public reporting has linked Agrius to Iranโ€™s Ministry of Intelligence and Security (MOIS). Microsoft Iran Cyber 2023

๐ŸŒ Country Iran
๐Ÿงญ ATT&CK G1030

Introduction

Agrius is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middle East, with an emphasis on Israeli targets. SentinelOne Agrius 2021 CheckPoint Agrius 2023 Public reporting has linked Agrius to Iranโ€™s Ministry of Intelligence and Security (MOIS). Microsoft Iran Cyber 2023

Activities and Tactics

Country of Origin: ๐Ÿ‡ฎ๐Ÿ‡ท Iran

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

Information pending cataloguing.

Attribution and Evidence

Country of Origin: Iran Additional attribution information pending cataloguing.

References

[1] MITRE ATT&CK MITRE ATT&CK entry [2] SentinelOne Agrius 2021 [3] CheckPoint Agrius 2023 [4] Microsoft Iran Cyber 2023