Hacker Group 'Moses Staff' Using New StrifeWater RAT In Ransomware Attacks

 

A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."

"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."

Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.

To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.

StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.

"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."

Continue reading

1. Hack Tools For Mac
2. Hacking Tools 2020
3. Nsa Hack Tools
4. Hack Tools For Ubuntu
5. Hacking Tools Windows 10
6. Pentest Tools Open Source
7. Hacker Tools For Ios
8. Nsa Hack Tools Download
9. Hacker Tools Mac
10. Pentest Tools Website
11. Easy Hack Tools
12. Hacker Tools 2019
13. Pentest Reporting Tools
14. Nsa Hacker Tools
15. Pentest Tools Port Scanner
16. Hacker Techniques Tools And Incident Handling
17. Pentest Tools Github
18. Hacker Tools Software
19. Hacking Tools Windows
20. Hack Tool Apk No Root
21. Wifi Hacker Tools For Windows
22. Hacker
23. Game Hacking
24. Pentest Tools Windows
25. Hacking Tools
26. Hacker Tool Kit
27. Ethical Hacker Tools
28. Hacking Tools For Windows
29. Hacking Tools For Mac
30. Hackrf Tools
31. Hacking Tools Usb
32. Free Pentest Tools For Windows
33. Best Pentesting Tools 2018
34. Blackhat Hacker Tools
35. Hacker Tools For Windows
36. Pentest Tools Windows
37. Pentest Tools Subdomain
38. Hacker Tools Software
39. Hack Tools Mac
40. Hacking Tools Windows 10
41. Hacks And Tools
42. Pentest Tools For Windows
43. Hacker Tools Online
44. Pentest Reporting Tools
45. Install Pentest Tools Ubuntu
46. Hack Website Online Tool
47. Pentest Reporting Tools
48. Hack Tools Github
49. Pentest Tools Subdomain
50. Hack Tools
51. Install Pentest Tools Ubuntu
52. Hack Tools Pc
53. Hack App
54. How To Hack
55. What Is Hacking Tools
56. Hacking Tools Usb
57. Pentest Box Tools Download
58. Hack Tool Apk
59. Pentest Box Tools Download
60. Easy Hack Tools
61. Pentest Tools For Windows
62. Pentest Automation Tools
63. Hacker Tools
64. Pentest Tools Url Fuzzer
65. Tools For Hacker
66. New Hack Tools
67. Github Hacking Tools
68. Hacking Tools Usb
69. Hacking Tools For Games
70. Pentest Tools Open Source
71. Hacking Apps
72. Hack Tools For Windows
73. Hack Tools For Mac
74. Tools For Hacker
75. Pentest Tools Subdomain
76. Hacker Security Tools
77. Hacker Tools Apk Download
78. Hack And Tools
79. Pentest Tools Free
80. Pentest Tools Review
81. Hacking Tools For Pc
82. Hacker Tools For Pc
83. How To Hack
84. Hack Tools For Games
85. Kik Hack Tools
86. How To Hack
87. Hacker Tools List
88. Hacking Tools Usb
89. Hacker Search Tools
90. Nsa Hacker Tools
91. Usb Pentest Tools
92. Hack Tools
93. Hacker Tools Linux
94. Best Hacking Tools 2019
95. Best Hacking Tools 2019
96. Game Hacking
97. Pentest Automation Tools
98. Hacking Apps
99. Hacking Tools Github
100. Pentest Tools Github
101. Pentest Tools Review
102. How To Make Hacking Tools
103. Pentest Tools Port Scanner
104. Hacking Tools For Windows Free Download
105. Ethical Hacker Tools
106. Pentest Tools Kali Linux
107. Hacker Tools 2020
108. Black Hat Hacker Tools
109. Hacking Tools For Games
110. Wifi Hacker Tools For Windows
111. Hacker Hardware Tools
112. Hacker Tools List
113. Ethical Hacker Tools
114. Pentest Tools Subdomain
115. Hacker
116. Wifi Hacker Tools For Windows
117. Hack Tools
118. Hack Tools For Pc
119. Hacking Tools And Software
120. Best Pentesting Tools 2018
121. Black Hat Hacker Tools
122. Hacker Tools Apk