Hacker Group 'Moses Staff' Using New StrifeWater RAT In Ransomware Attacks

 

A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."

"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."

Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.

To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.

StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.

"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."

Related posts

1. Pentest Automation Tools
2. Pentest Tools Nmap
3. Hackrf Tools
4. Physical Pentest Tools
5. Computer Hacker
6. Pentest Recon Tools
7. Hacker Tools Apk
8. Hacker Tools Github
9. Hacker Tools Windows
10. Hack And Tools
11. Hacks And Tools
12. Hack Apps
13. Hack Tools
14. Hack App
15. Hacks And Tools
16. Hacker Tools For Mac
17. Top Pentest Tools
18. Hacker Tools For Windows
19. Black Hat Hacker Tools
20. Hacking Tools Windows 10
21. Hack Tools
22. Hacking Tools Kit
23. Hack Tools Mac
24. Blackhat Hacker Tools
25. Pentest Tools Apk
26. Hackrf Tools
27. Pentest Tools For Android
28. Hacking Tools Windows 10
29. Hacker Tools Software
30. Pentest Tools Android
31. Hack Tools Mac
32. Pentest Tools Kali Linux
33. Hacking Tools For Mac
34. Hacker Tools For Mac
35. Beginner Hacker Tools
36. Hacker Search Tools
37. Pentest Tools Nmap
38. How To Install Pentest Tools In Ubuntu
39. Pentest Tools For Ubuntu
40. Hacker Tools Apk
41. Hack Apps
42. Game Hacking
43. Hacking Tools For Windows
44. Hacker Tools Software
45. Android Hack Tools Github
46. Hacker Tools For Mac
47. Pentest Tools For Ubuntu
48. Hacking Tools For Pc
49. Hacker Tools Windows
50. Hacking Tools For Games
51. Beginner Hacker Tools
52. Hacking Tools
53. Growth Hacker Tools
54. Hacker
55. Pentest Tools Tcp Port Scanner
56. Hack Tools Download
57. Pentest Box Tools Download
58. Hackers Toolbox
59. Hacker
60. Pentest Tools For Windows
61. Hacking Tools For Beginners
62. Beginner Hacker Tools
63. Pentest Tools Url Fuzzer
64. Hack Rom Tools
65. Hack Apps
66. Hacker Tools Mac
67. Computer Hacker
68. Pentest Tools Android
69. Hacking Tools For Games
70. Hacker Tools List
71. Hack App
72. Hacking Tools Name
73. Hacker
74. Pentest Tools Free
75. Pentest Tools Website
76. Hack Tools For Ubuntu
77. Tools For Hacker
78. Pentest Tools Website
79. Hacking Apps
80. Physical Pentest Tools
81. New Hacker Tools
82. Hacking Tools For Beginners
83. Pentest Tools Website
84. Pentest Tools Open Source
85. Pentest Tools Kali Linux
86. Hack Tool Apk No Root
87. Hack App
88. Pentest Tools List
89. Hacker Tools Windows
90. Hack Rom Tools
91. Hacker Tools For Mac
92. Hacker Tools Linux
93. Pentest Tools Subdomain
94. Hacking Tools Download
95. Hack Tools Github
96. Hacker Search Tools
97. Pentest Recon Tools
98. Hacking Tools Name
99. Hack App
100. Ethical Hacker Tools
101. Hacking Tools
102. Free Pentest Tools For Windows
103. Pentest Tools Download
104. Hack Tools For Games
105. Underground Hacker Sites
106. Nsa Hacker Tools
107. Pentest Tools List
108. Pentest Tools Apk
109. Hacker Tools For Pc
110. How To Make Hacking Tools
111. Hacking Tools For Windows Free Download
112. Hacker Tool Kit
113. Hacks And Tools
114. Hack And Tools
115. Kik Hack Tools
116. Pentest Tools Github
117. Top Pentest Tools
118. Hack And Tools
119. Pentest Tools Review
120. Hacking Tools Software
121. Hacking Tools For Mac
122. Hacking Tools 2020
123. Hacking Tools For Windows Free Download
124. Hack Apps
125. Pentest Tools Subdomain
126. Pentest Tools
127. Best Pentesting Tools 2018
128. Growth Hacker Tools
129. Wifi Hacker Tools For Windows
130. Hacking Tools Online
131. Hack Apps
132. Hacking Tools 2019
133. Pentest Tools Subdomain
134. Hak5 Tools
135. Hacking Tools Name
136. Hack Tool Apk No Root
137. What Are Hacking Tools
138. Hack Apps
139. Hack Tools
140. Hacker Tools
141. Easy Hack Tools
142. Pentest Tools Nmap
143. Pentest Tools For Android
144. Hacking Tools For Kali Linux
145. Tools 4 Hack
146. Hacking Tools For Windows
147. Hacker Tools 2020
148. Termux Hacking Tools 2019