Israel organizations under attack from Iranian hackers

Separate cyberattacks have been launched by Iranian advanced persistent threat groups against Israel-based entities, according to The Record, a news site by cybersecurity firm Recorded Future. Organizations across the country have been targeted by the Agrius APT with the new Moneybird ransomware strain, indicative of the operation's growing arsenal of tools after having used the Apostle ransomware in most of its previous attacks, a report from Check Point's Incident Response Team. Such attacks involved the compromise of public web servers to facilitate the delivery of unique ASPXSPY script variants before proceeding with data exfiltration and reconnaissance activities. "Moneybird, like many other ransomware, is a grim reminder of the importance of good network hygiene, as significant parts of the activity could have been prevented early on," said researchers. Meanwhile, a separate report from ClearSky noted that eight Israeli shipping and logistics websites have been subjected to watering hole attacks by suspected Iranian state-sponsored APT operation Tortoiseshell, also known as Imperial Kitten and TA456.