ESET researchers uncover a new wiper and its execution tool, both attributed to the Iran-aligned Agrius APT group

This week, ESET researchers published their findings about a new wiper, Agrius, and its execution tool, Sandals, both attributed to the Iran-aligned Agrius APT group. The researchers discovered the malicious tool while analyzing a supply-chain attack that abused an Israeli software developer. The attack probably targeted the company’s software updating mechanisms in order to deploy the wiper to victims from various verticals and on various continents, including a diamond wholesaler and HR firms in Israel, a South African organization working in the diamond industry, and a jeweler in Hong Kong.

To learn more about the attacks, read the blog on WeLiveSecurity: Fantasy – a new Agrius wiper deployed through a supply‑chain attack.