Wednesday, January 24, 2024

Hacker Group 'Moses Staff' Using New StrifeWater RAT In Ransomware Attacks

 


A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."

"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."

Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.


To date, victims have been reported beyond Israel, including in Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.
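A defender-side check for the masquerade and swap-back described above, as an added example that is not taken from Cybereason's report: it scans endpoint telemetry for writes to a file named calc.exe and for network connections made by a process of that name. The event schema is a simplified Sysmon-style one (event ID 11 for file creation, 3 for network connection), the hosts, paths and addresses are constructed sample data, and treating any calc.exe network activity as suspicious is an assumption to validate per environment.

```python
import ntpath
from collections import defaultdict

# Constructed sample events (simplified Sysmon-style fields; not from the report).
# EventID 11 = FileCreate, EventID 3 = NetworkConnect.
EVENTS = [
    {"host": "ws-01", "EventID": 11, "Image": r"C:\Windows\Temp\setup.exe",
     "TargetFilename": r"C:\Windows\System32\calc.exe"},
    {"host": "ws-01", "EventID": 3, "Image": r"C:\Windows\System32\calc.exe",
     "DestinationIp": "203.0.113.10"},
    {"host": "ws-01", "EventID": 11, "Image": r"C:\Windows\Temp\setup.exe",
     "TargetFilename": r"C:\WINDOWS\system32\CALC.EXE"},
    {"host": "ws-02", "EventID": 3, "Image": r"C:\Program Files\App\sync.exe",
     "DestinationIp": "198.51.100.7"},
]


def is_calc(path):
    """True if a Windows path names calc.exe, ignoring case and directory."""
    return ntpath.basename(path or "").lower() == "calc.exe"


def find_calc_masquerade(events):
    """Return {host: [reasons]} for hosts where calc.exe was written or went online."""
    writes = defaultdict(int)   # host -> number of file writes targeting calc.exe
    net = defaultdict(set)      # host -> destinations contacted by calc.exe
    for ev in events:
        if ev["EventID"] == 11 and is_calc(ev.get("TargetFilename")):
            writes[ev["host"]] += 1
        elif ev["EventID"] == 3 and is_calc(ev.get("Image")):
            net[ev["host"]].add(ev["DestinationIp"])

    findings = {}
    for host in sorted(set(writes) | set(net)):
        reasons = []
        if net[host]:
            reasons.append("calc.exe opened network connections: "
                           + ", ".join(sorted(net[host])))
        if writes[host] >= 2:
            # Two writes match the pattern of a swap followed by a restore.
            reasons.append("calc.exe overwritten %d times (possible swap and restore)"
                           % writes[host])
        elif writes[host] == 1:
            reasons.append("calc.exe was written to disk")
        findings[host] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in find_calc_masquerade(EVENTS).items():
        print(host, reasons)
```
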

StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.

"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."
