{"id":41119,"date":"2021-05-26T13:00:00","date_gmt":"2021-05-26T13:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/d\/d-id\/1341135"},"modified":"2021-05-26T13:00:00","modified_gmt":"2021-05-26T13:00:00","slug":"new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/","title":{"rendered":"New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<header><\/header>\n<p><span class=\"strong black\">The Agrius group&#8217;s focus appears to be Israel and the Middle East.<br \/>\n<\/span><\/p>\n<p class>A likely Iran-backed advanced persistent threat (APT) group has been observed deploying data wiping malware and ransomware attacks against organizations in Israel since around November 2020.<\/p>\n<p>Researchers from SentinelOne this week attributed the attacks to &#8220;Agrius,&#8221; a new threat actor that started off conducting cyber espionage activities but has since focused on more destructive operations.<\/p>\n<p>In many instances, the threat actor has disguised data wiping attacks as ransomware attacks \u2014 victims were informed their data was stolen and encrypted even though it was wiped clean.<\/p>\n<p>&#8220;The operators behind the attacks intentionally masked their activity as a ransomware attack, an uncommon behavior for financially motivated groups,&#8221; SentinelOne noted in a <a href=\"https:\/\/labs.sentinelone.com\/from-wiper-to-ransomware-the-evolution-of-agrius\/\" target=\"_blank\" rel=\"noopener noreferrer\">blog<\/a>.<\/p>\n<p>The Argius group&#8217;s preferred tactic for initial access is to try and exploit known vulnerabilities in an organization&#8217;s public-facing Web applications. One favorite appears to be <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-13379\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2018-13379<\/a>, a long-patched path traversal vulnerability in certain versions of Fortinet&#8217;s FortiOS operating system. SentinelOne says its researchers have observed the Agrius group widely exploiting the vulnerability in opportunistic attacks against Israeli targets.<\/p>\n<p>In addition to the FortiOS flaw, Agrius has also been observed exploiting \u2014 or attempting to exploit \u2014 a variety of so-called &#8220;n-day&#8221; vulnerabilities, or flaws that are known and for which a patch is already available or in the works. Security analysts consider <a href=\"https:\/\/www.darkreading.com\/vulnerabilities---threats\/the-overlooked-problem-of-n-day-vulnerabilities\/a\/d-id\/1331348\" target=\"_blank\" rel=\"noopener noreferrer\">n-day flaws<\/a> to be as dangerous, or even more so, than zero-day vulnerabilities because of the information that is publicly available around these flaws for both defenders and attackers. On some occasions, the Argius group has employed SQL injection attacks to try and gain an initial foothold on an organization&#8217;s network. Most of the attacks that Agrius has launched have been from IPs belonging to popular VPN services such as ProtonVPN, SentinelOne said.<\/p>\n<p>Once Agrius gains access to a network, the threat actor uploads a webshell and uses it to enable capabilities for lateral movement. In many instances, the webshells are variations of ASPXSpy, a script that allows attackers to gain control of a remote system. SentinelOne says it has observed the threat actor deploying &#8220;IPsec Helper,&#8221; a custom backdoor written in .NET, for stealing data or deploying additional malware on a compromised network.<\/p>\n<p>&#8220;Agrius&#8217; espionage and disruptive activities go hand-in-hand,&#8221; says J.A.&nbsp;Guerrero-Saade, principal threat researcher at SentinelOne. &#8220;By the very nature of their attack cycle, espionage comes first \u2013 conducting lateral movement, scouting the network, placing backdoors, and deciding what data to exfiltrate.&#8221;<\/p>\n<p>Once the attackers have what they are after, they move into the disruption phase, Saade says. The use of wipers \u2014 or wiper attacks disguised as ransomware \u2014 puts Agrius into a relatively small subset of threat actors, he notes. Others include APT33, another Iran-linked threat group, Russia-based Sandworm, and North Korea&#8217;s Lazarus Group.<\/p>\n<p>For the moment, the Agrius group&#8217;s focus appears to be the Middle East.<\/p>\n<p>&#8220;[But] there is nothing limiting their reach other than their intended tasking,&#8221; Saade says. &#8220;While we haven&#8217;t observed Agrius targeting U.S. organizations at this time, we wouldn&#8217;t put it beyond them&#8221;<\/p>\n<p><strong>Deadwood and Apostle Wipers<br \/><\/strong>SentinelOne says it has observed the Agrius group using two types of wiper malware. One is Deadwood, aka Detbosit \u2014 a wiper linked to other Iranian groups, such as APT33 and APT34. <a href=\"https:\/\/www.recordedfuture.com\/iranian-cyber-response\/\" target=\"_blank\" rel=\"noopener noreferrer\">Some security vendors<\/a> have associated the malware to destructive attacks on organizations in the oil and gas sector in the Middle East and other regions. In addition to Deadwood, Agrius also uses a wiper not associated with any other group so far. SentinelOne is tracking that wiper as &#8220;Apostle&#8221; and believes it was likely developed by the same malware author as the one behind &#8220;IPSec Helper.&#8221; Since it was first developed, Apostle has been transformed into a full functioning ransomware tool<\/p>\n<p>According to SentinelOne, Agrius&#8217; attacks appear to be part of a broader Iranian government strategy of deploying threat groups to carry out destructive attacks against rival nations using ransomware as a cover. Another recent example is Project Signal, an effort linked to Iran&#8217;s Islamic Revolutionary Guard Corps. On the surface, Project Signal also is a financially motivated ransomware operation. On the other hand, it&#8217;s equally likely the group is using ransomware as a cover for more destructive attacks, <a href=\"https:\/\/www.flashpoint-intel.com\/blog\/second-iranian-ransomware-operation-project-signal-emerges\/\" target=\"_blank\" rel=\"noopener noreferrer\">Flashpoint<\/a> noted recently.<\/p>\n<p>&#8220;Iran has a history of attempting to use cybercriminal TTPs to blend in with non-state-sponsored malicious cyber activity to avoid attribution and maintain plausible deniability,&#8221; Flashpoint noted.<\/p>\n<p>Saade says it&#8217;s hard to know for certain what Agrius group&#8217;s specific intentions might be.<\/p>\n<p>&#8220;[But] the timing of this activity falls within a period of alleged tit-for-tat exchanges between Israel and Iran \u2013 including the claim that Israel wiped an Iranian port facility, while Israeli firms are, in turn, hit with ransomware of purported Iranian origin,&#8221; he says.<\/p>\n<p><span class=\"italic\">Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=1912\">View Full Bio<\/a><\/span><\/p>\n<p><strong>Recommended Reading:<\/strong><\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/d\/d-id\/1341135?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Agrius group&#8217;s focus appears to be Israel and the Middle East. Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/d\/d-id\/1341135?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-41119","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-26T13:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks\",\"datePublished\":\"2021-05-26T13:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/\"},\"wordCount\":863,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/\",\"name\":\"New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"datePublished\":\"2021-05-26T13:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/","og_locale":"en_US","og_type":"article","og_title":"New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-05-26T13:00:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks","datePublished":"2021-05-26T13:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/"},"wordCount":863,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/","url":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/","name":"New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","datePublished":"2021-05-26T13:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","contentUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-iranian-threat-actor-using-ransomware-wipers-in-destructive-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=41119"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41119\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=41119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=41119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=41119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}