Wednesday, May 31, 2023

Hacker Group 'Moses Staff' Using New StrifeWater RAT In Ransomware Attacks

A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."

"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."

Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.

To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

The researchers suspect that removing the malicious calculator executable and replacing it with the legitimate binary is an attempt by the threat actor to cover its tracks and erase evidence of the trojan, while also allowing it to evade detection until the final phase of the attack, when the ransomware payload is executed.
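The masquerade-and-clean-up pattern described above gives a defender three concrete things to look for: a `calc.exe` launched from outside the Windows system directories, a `calc.exe` in the system directory whose hash is not the genuine one, and a delete-then-recreate of that path. The following detection logic is an added example, not code from the article or from Cybereason; the Sysmon-style events, paths and hashes it runs over are constructed, and the "known good" hash is a placeholder rather than the real hash of the Windows Calculator binary.

```python
# Added example: detect the calc.exe masquerade and remove-and-replace pattern.
# All events, paths and hashes below are constructed for illustration.
import ntpath

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Placeholder allowlist; a real deployment would hold the genuine calc.exe hash.
KNOWN_GOOD = {"calc.exe": {"PLACEHOLDER_SHA256_OF_GENUINE_CALC"}}

# Constructed Sysmon-like events: (timestamp, event_id, image_path, sha256).
# Event IDs follow Sysmon: 1 = process create, 11 = file create, 23 = file delete.
SAMPLE_EVENTS = [
    ("10:00:01", 1, r"C:\Users\alice\AppData\Local\Temp\calc.exe", "deadbeef01"),
    ("10:00:05", 1, r"C:\Windows\System32\calc.exe", "PLACEHOLDER_SHA256_OF_GENUINE_CALC"),
    ("10:02:10", 1, r"C:\Windows\System32\calc.exe", "deadbeef02"),
    ("10:30:00", 23, r"C:\Windows\System32\calc.exe", "deadbeef02"),
    ("10:30:01", 11, r"C:\Windows\System32\calc.exe", "PLACEHOLDER_SHA256_OF_GENUINE_CALC"),
]


def detect(events):
    """Return a list of alert strings for suspicious calc.exe activity."""
    alerts = []
    deleted = {}  # lower-cased path -> timestamp of its last delete event
    for ts, eid, path, sha in events:
        name = ntpath.basename(path).lower()
        directory = ntpath.dirname(path).lower()
        if name != "calc.exe":
            continue
        if eid == 1:
            # A calculator running from a user-writable location is the masquerade.
            if directory not in SYSTEM_DIRS:
                alerts.append(f"{ts} calc.exe executed from non-system path: {path}")
            # A calculator in the right place but with the wrong hash has been swapped.
            elif sha not in KNOWN_GOOD[name]:
                alerts.append(f"{ts} calc.exe in system path has unexpected hash {sha}")
        elif eid == 23:
            deleted[path.lower()] = ts
        elif eid == 11 and path.lower() in deleted:
            # Delete followed by re-create at the same path is the clean-up step.
            when = deleted.pop(path.lower())
            alerts.append(f"{ts} calc.exe deleted at {when} and re-created: possible replacement")
    return alerts


if __name__ == "__main__":
    for line in detect(SAMPLE_EVENTS):
        print(line)
```

Running the block against the constructed events yields three alerts: the execution from the Temp directory, the hash mismatch in System32, and the delete-then-recreate of the system path.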

StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.

"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."
