Wednesday, January 17, 2024

Hacker Group 'Moses Staff' Using New StrifeWater RAT In Ransomware Attacks

 


A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."

"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."

Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.


To date, victims have been reported beyond Israel, in countries including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.

StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.
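Because the trojan runs as "calc.exe" and is later swapped back for the legitimate binary, a file-name check alone will not catch it; behaviour that Calculator never shows is a better signal. The following is an added example, not code from Cybereason or the original article: it applies three such rules to constructed events. The event layout, rule names, hosts, addresses and the servicing allowlist are assumptions made for illustration.

```python
import ntpath

# Constructed sample events, loosely modelled on Sysmon event IDs
# (1 = process create, 3 = network connection, 11 = file create).
# Hosts, addresses and field names are made up for this example.
SAMPLE_EVENTS = [
    {"host": "ws01", "id": 1, "image": r"C:\Windows\System32\calc.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"host": "ws02", "id": 1, "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\System32\calc.exe"},
    {"host": "ws02", "id": 3, "image": r"C:\Windows\System32\calc.exe",
     "dest": "203.0.113.10:443"},
    {"host": "ws02", "id": 11, "image": r"C:\Windows\System32\cmd.exe",
     "target": r"C:\Windows\System32\calc.exe"},
    {"host": "ws03", "id": 11, "image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "target": r"C:\Windows\System32\calc.exe"},
]

SHELLS = {"cmd.exe", "powershell.exe"}
# Assumption: only the Windows servicing stack legitimately rewrites calc.exe.
SERVICING = {"trustedinstaller.exe", "tiworker.exe"}

def name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()

def detect(events):
    """Return (host, rule) pairs for calc.exe behaving unlike Calculator."""
    findings = []
    for e in events:
        if e["id"] == 1 and name(e.get("parent")) == "calc.exe" \
                and name(e["image"]) in SHELLS:
            # Command execution: Calculator has no reason to start a shell.
            findings.append((e["host"], "calc_spawned_shell"))
        elif e["id"] == 3 and name(e["image"]) == "calc.exe":
            # Downloads or C2 traffic: Calculator opening a network connection.
            findings.append((e["host"], "calc_network_connection"))
        elif e["id"] == 11 and name(e.get("target")) == "calc.exe" \
                and name(e["image"]) not in SERVICING:
            # Swap of the binary by something other than Windows servicing.
            findings.append((e["host"], "calc_binary_rewritten"))
    return findings

if __name__ == "__main__":
    for host, rule in detect(SAMPLE_EVENTS):
        print(host, rule)
```
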

"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."
