Hacker Group 'Moses Staff' Using New StrifeWater RAT In Ransomware Attacks

 

A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."

"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."

Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.

To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.

StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.

"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."

Related word

1. New Hack Tools
2. Hacker Tools Linux
3. Hacker Tools List
4. Hack Tools For Games
5. Pentest Tools Android
6. Pentest Tools Website Vulnerability
7. Hacking Tools For Beginners
8. Game Hacking
9. Pentest Tools Nmap
10. Hacking Tools 2020
11. Best Hacking Tools 2020
12. Black Hat Hacker Tools
13. Pentest Recon Tools
14. Hacking Tools For Games
15. Hacking Tools For Windows Free Download
16. World No 1 Hacker Software
17. Hacker Tools Windows
18. Hack Tools For Mac
19. New Hacker Tools
20. Hack Tool Apk
21. Pentest Tools List
22. Bluetooth Hacking Tools Kali
23. Game Hacking
24. Hack Tool Apk No Root
25. Hacking Tools Kit
26. Pentest Tools Nmap
27. Tools 4 Hack
28. Hacking Tools For Kali Linux
29. Hacker Tools Hardware
30. Hacking Tools Mac
31. Hacking Tools Kit
32. Pentest Tools Kali Linux
33. Hacking Tools Name
34. Pentest Tools Tcp Port Scanner
35. Hacker Security Tools
36. Pentest Tools Bluekeep
37. Hack App
38. Pentest Tools Website
39. Hacker Hardware Tools
40. Hacking Tools For Pc
41. Hack Tools For Ubuntu
42. Hacking Tools Github
43. Pentest Tools Website Vulnerability
44. Pentest Tools Tcp Port Scanner
45. What Is Hacking Tools
46. Usb Pentest Tools
47. Easy Hack Tools
48. Pentest Tools Alternative
49. Nsa Hacker Tools
50. Hack Tools For Windows
51. Best Pentesting Tools 2018
52. Termux Hacking Tools 2019
53. Best Hacking Tools 2020
54. Physical Pentest Tools
55. Game Hacking
56. Pentest Reporting Tools
57. Pentest Tools Website Vulnerability