Agrius
Agrius is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middle East, with an emphasis on Israeli targets. Public reporting has linked Agrius to Iran's Ministry of Intelligence and Security (MOIS).
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low0.8
Low signal strength
Mentions1
Sources1
High conf.1
Last seenMay 2026
First observed
2024-05-21
Last active
—
Origin
Iran
Aliases
5
Techniques
22
Campaigns
1
Iran
Attribution signals
1 mention · 1 source#1Iran-alignedhigh
Malware
eset
May 2026
"the Iran-aligned Agrius group deployed a destructive wiper called Fantasy through a supply-chain attack"
Hedge terms observed
Iran-aligned