fantasy-agrius

Incident Summary

Agrius pushed Fantasy wiper through Israeli diamond-industry software update

ESET disclosed on 2022-12-07 that the Iran-aligned Agrius APT abused the official update mechanism of an unnamed Israeli software developer whose suite is used in the diamond industry to deploy the Fantasy data wiper alongside the Sandals lateral-movement tool. Credential-harvesting tools were pre-positioned on 2022-02-20; the wiper rollout completed in under three hours on 2022-03-12 across customers in Israel (an IT support services firm, a diamond wholesaler, an HR consulting firm), South Africa (a diamond-industry organisation), and Hong Kong (a jeweler). The vendor did not respond to ESET's notification. Fantasy is a successor to Agrius's earlier Apostle wiper.

Date
2022-02-20 to 2022-03-12
Category
Commercial
Target Surface
Distribution
Insertion Phase
Distribution
Impact
Data destruction
Cause
Update infrastructure compromise

What Was Affected

Package
fantasy-agrius
Language
C++
Component
Application
Artifact type
Binary archive
Domain type
Vendor

Incident Context

Motive
Data destruction
Attribution
Nation-state
Transitive
Yes
Observed Duration
20 days

External References

Source Data

Source record: proprietary/fantasy-agrius/meta.yaml