Hacker Group 'Moses Staff' Using New StrifeWater RAT In Ransomware Attacks

 

A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."

"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."

Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.

To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.

StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.

"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."

More articles

1. Pentest Tools Kali Linux
2. Pentest Tools Find Subdomains
3. Hack Tools
4. Hacking Tools For Kali Linux
5. Pentest Tools Linux
6. Termux Hacking Tools 2019
7. Hacker Tools For Mac
8. Free Pentest Tools For Windows
9. Hacking Tools For Windows 7
10. Hacker Tools 2019
11. Hacker Search Tools
12. Beginner Hacker Tools
13. Kik Hack Tools
14. Hacking Tools Windows 10
15. Pentest Tools Review
16. Hacks And Tools
17. Github Hacking Tools
18. Pentest Tools List
19. Pentest Tools For Windows
20. Pentest Tools Tcp Port Scanner
21. Hacker Tools Free
22. Hack App
23. Hack Website Online Tool
24. Pentest Tools For Ubuntu
25. Android Hack Tools Github
26. Hack Rom Tools
27. Usb Pentest Tools
28. Pentest Tools Port Scanner
29. Pentest Tools Url Fuzzer
30. How To Hack
31. Hacking Tools For Kali Linux
32. Hacking Tools Windows
33. Nsa Hack Tools Download
34. Pentest Tools For Ubuntu
35. Pentest Tools For Ubuntu
36. Pentest Tools Linux
37. Hacker Tools For Mac
38. Pentest Tools Website Vulnerability
39. Tools Used For Hacking
40. Pentest Tools
41. Pentest Tools Website Vulnerability
42. Hacking Tools
43. Hack Tools Download
44. Game Hacking
45. Hacker Tools Mac
46. Hacker Tool Kit
47. Pentest Tools Review
48. Pentest Tools List
49. Hacking Apps
50. Hack Tools For Windows
51. Pentest Tools Android
52. Pentest Tools Alternative
53. Computer Hacker
54. Pentest Tools Port Scanner
55. Top Pentest Tools
56. Install Pentest Tools Ubuntu
57. Hak5 Tools
58. Pentest Tools Website Vulnerability
59. Hacking App
60. Hacking Tools Download
61. Hack Tools Online
62. Pentest Tools Alternative
63. Pentest Tools Kali Linux
64. Hack Tools Online
65. Hackrf Tools
66. Pentest Tools Review
67. Pentest Tools Apk
68. Hacking Tools For Windows 7
69. Hackers Toolbox
70. Hacker Tools Apk
71. Kik Hack Tools
72. Hacks And Tools
73. Hack Tools Pc
74. Tools 4 Hack
75. Hacker Tool Kit
76. Hacker Hardware Tools
77. Hacking Tools For Beginners
78. Pentest Tools Kali Linux
79. Hacker Tools
80. Hacker Tools Free
81. Underground Hacker Sites
82. Hack Tools For Pc
83. Install Pentest Tools Ubuntu
84. What Are Hacking Tools
85. What Are Hacking Tools
86. Hacking Tools Online
87. Hacker Hardware Tools
88. Hacker Tools Apk Download
89. Github Hacking Tools
90. Hack Tool Apk No Root
91. Hacking Tools For Windows
92. Github Hacking Tools
93. Nsa Hack Tools
94. Hacking Tools Download
95. Tools For Hacker
96. Pentest Tools Framework
97. Hacker Tools Apk
98. Hack Website Online Tool
99. Hack Tools Mac
100. Hack Tools
101. Hacker Tools Software
102. Pentest Reporting Tools
103. Hacker Tools Online
104. Hack Tools Mac
105. Free Pentest Tools For Windows
106. Tools Used For Hacking
107. Hacking Tools Name
108. Hacker Tools Linux
109. Hacking Tools For Mac
110. Github Hacking Tools
111. Hacking Tools 2020
112. Hacker Security Tools
113. Hak5 Tools
114. Hack Tool Apk No Root
115. Hack Tools Github
116. Hack Tools Download
117. Ethical Hacker Tools
118. Pentest Tools Url Fuzzer
119. Pentest Automation Tools
120. Hacking Apps
121. Hacker Tools Hardware
122. Pentest Tools Website
123. Pentest Tools Open Source
124. Hacker Tools Apk
125. Hacker Tools Free Download
126. Pentest Tools Android
127. Hacking Tools Name
128. Hacker Tools Apk Download
129. Pentest Tools Bluekeep
130. Hak5 Tools
131. Hacker Security Tools
132. Hack Tools Online
133. Hacker Tools Windows
134. Hacker Security Tools
135. Pentest Tools Linux
136. Hacker Tools Apk
137. New Hack Tools
138. Hack Tools For Windows
139. Hacking Tools For Games
140. Tools Used For Hacking
141. Pentest Tools For Android
142. Hacking Tools 2019
143. Hacker Tools For Mac
144. Hacker Tools Mac
145. Hacking Tools 2020