Agrius

Published 16/12/2025 19:39 · Modified 27/03/2026 01:14 · Source: The MITRE Corporation

Essential information

Confidence: 100/100
Published: 16/12/2025 19:39
Modified: 27/03/2026 01:14
Updated at: 27/03/2026 01:14
Revoked: No
Author / Source: The MITRE Corporation
Resource level:
Primary motivation:
Related entities: 50 attack patterns (mitre), 11 malware, 4 sectors, 4 countries, 22 indicators, 2 tools

Aliases

Pink Sandstorm, AMERICIUM, BlackShadow, Agonizing Serpens

Description

[Agrius](https://attack.mitre.org/groups/G1030) is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middle East, with an emphasis on Israeli targets.(Citation: SentinelOne Agrius 2021)(Citation: CheckPoint Agrius 2023) Public reporting has linked [Agrius](https://attack.mitre.org/groups/G1030) to Iran's Ministry of Intelligence and Security (MOIS).(Citation: Microsoft Iran Cyber 2023)

Marking (TLP)

TLP:CLEAR

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references