Hacker Group 'Moses Staff' Using New StrifeWater RAT In Ransomware Attacks

 

A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."

"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."

Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.

To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.

StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.

"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."

Related word

• Usb Pentest Tools
• What Is Hacking Tools
• Hacking Tools Mac
• Pentest Tools Bluekeep
• Hacking Tools
• Hacking Tools For Beginners
• Pentest Recon Tools
• Hacker Tools Software
• Pentest Tools Port Scanner
• Hacker Tools For Ios
• Best Pentesting Tools 2018
• Pentest Tools For Ubuntu
• Pentest Tools List
• Hackrf Tools
• Android Hack Tools Github
• Hacker Tools Online
• Physical Pentest Tools
• Pentest Tools Open Source
• Android Hack Tools Github
• Hack Tools Github
• Android Hack Tools Github
• Hacking Tools Online
• Hacker Search Tools
• Hacker Tools For Pc
• Computer Hacker
• Hackers Toolbox
• Tools 4 Hack
• Hacking Tools Windows
• How To Install Pentest Tools In Ubuntu
• New Hacker Tools
• Easy Hack Tools
• Hacking Tools Free Download
• Hacker Tools For Ios
• Hacking Tools For Kali Linux
• Pentest Tools Linux
• New Hack Tools
• Pentest Tools Review
• Pentest Tools Apk
• Hacking Tools For Windows
• Hack Tools
• Ethical Hacker Tools
• Best Hacking Tools 2019
• Game Hacking
• Hacker Tools
• Pentest Box Tools Download
• Pentest Tools For Ubuntu
• Hacker Tools 2019
• Pentest Tools Bluekeep
• Wifi Hacker Tools For Windows
• Best Hacking Tools 2019
• Pentest Tools For Mac
• Hack Tools Github
• Hacker Tools List
• Hacking Tools For Kali Linux
• Best Hacking Tools 2020
• Pentest Tools Open Source
• What Is Hacking Tools
• Physical Pentest Tools
• Ethical Hacker Tools
• Kik Hack Tools
• Hack Tools Download
• Pentest Tools Alternative
• Hacker Search Tools
• Hacker Tools For Pc
• Hack Tools Github
• Pentest Tools Apk
• Github Hacking Tools
• Pentest Tools Android
• Hack Tools Pc
• Hacking Tools For Mac
• Hacking Tools For Mac
• Hack Tools For Mac
• Hack Tools For Pc
• Pentest Tools Tcp Port Scanner
• Pentest Tools Tcp Port Scanner
• Hack Tools For Games
• Bluetooth Hacking Tools Kali
• Hack Tools For Ubuntu
• Pentest Tools Url Fuzzer
• Hacking Tools For Mac
• Pentest Tools Free
• Underground Hacker Sites
• World No 1 Hacker Software
• Hack Tools 2019
• Hack Tools
• Install Pentest Tools Ubuntu
• Blackhat Hacker Tools
• Hacker Hardware Tools
• Hacking Tools Mac
• Hacker Security Tools
• What Is Hacking Tools
• Hack Tool Apk
• Hacking Tools Name
• Pentest Tools Nmap
• Hacking Tools Github
• Hacker Tools Software
• Hacker Tools Apk
• Usb Pentest Tools
• Best Hacking Tools 2019
• Nsa Hacker Tools
• Pentest Tools For Ubuntu
• Hacking Tools Free Download
• What Are Hacking Tools
• Hacker Tool Kit
• Hacking Tools 2020
• Hacking Tools For Beginners
• Black Hat Hacker Tools
• Hacking Tools Software
• Best Hacking Tools 2019
• Pentest Tools Nmap
• New Hack Tools
• Pentest Tools Find Subdomains
• Hacker Tools Mac
• Hacking Tools Kit
• Nsa Hack Tools Download
• Black Hat Hacker Tools
• Blackhat Hacker Tools
• Hackrf Tools
• What Is Hacking Tools
• Hack Tools For Mac