Thursday, June 1, 2023

Hacker Group 'Moses Staff' Using New StrifeWater RAT In Ransomware Attacks

 


A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."

"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."

Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.


To date, victims have been reported beyond Israel, including in Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.
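The behaviour described above leaves two traces a defender can hunt for in process-creation telemetry: a calc.exe that starts a command interpreter, and a calc.exe whose file hash changes at the same path when the binary is swapped. The following sketch is an added example, not code from Cybereason's report or from the original article; the record layout, host names, paths and hash labels are constructed for illustration.

```python
import ntpath
from collections import defaultdict

SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed process-creation records: (host, image path, image hash, parent image).
# Hosts, paths and hash labels are invented for this example.
EVENTS = [
    ("ws01", r"C:\Windows\System32\calc.exe", "HASH-A", r"C:\Windows\explorer.exe"),
    ("ws01", r"C:\Windows\System32\calc.exe", "HASH-A", r"C:\Windows\explorer.exe"),
    ("ws02", r"C:\Windows\System32\calc.exe", "HASH-B", r"C:\Windows\System32\svchost.exe"),
    ("ws02", r"C:\Windows\System32\cmd.exe", "HASH-C", r"C:\Windows\System32\calc.exe"),
    ("ws02", r"C:\Windows\System32\calc.exe", "HASH-A", r"C:\Windows\explorer.exe"),
]


def base(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def find_calc_anomalies(events):
    """Return sorted (host, reason) pairs for calc.exe behaving unlike a calculator."""
    hashes = defaultdict(set)  # (host, path) -> hashes seen for calc.exe at that path
    findings = set()
    for host, image, digest, parent in events:
        if base(image) == "calc.exe":
            hashes[(host, image.lower())].add(digest)
        # A calculator has no reason to start a command interpreter.
        if base(parent) == "calc.exe" and base(image) in SHELLS:
            findings.add((host, "calc.exe spawned " + base(image)))
    for (host, path), seen in hashes.items():
        # More than one hash at one path means the file was swapped; an OS
        # update can also cause this, so treat it as a lead to triage.
        if len(seen) > 1:
            findings.add((host, "hash of " + path + " changed"))
    return sorted(findings)


if __name__ == "__main__":
    for host, reason in find_calc_anomalies(EVENTS):
        print(host, reason)
```

Because the trojan is removed before the ransomware stage, this kind of check only works on retained historical telemetry, not on a point-in-time scan of the disk.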

StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.

"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."
