• Believed to be the work of the government of Iran.
Agrius is an Iranian threat actor which has consistently been observed targeting Israeli networks. The group has frequently deployed wipers disguised as ransomware on networks, with the goal of destroying data and disrupting operations. Also known as BlackShadow, Americium, Pink Sandstorm, and DEV-0227.
Suspected victims
  • Israeli companies, government agencies, and universities
Suspected state sponsor
  • Iran (Islamic Republic of)
Victim government reaction
  • Unknown
Policy response
Suspected state sponsor response