
    Sunday, June 4, 2023

    Hacker Group 'Moses Staff' Using New StrifeWater RAT In Ransomware Attacks

     


    A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

    Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."

    "The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."

    Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

    The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.


    To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

    The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

    The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.
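The swap-and-restore behaviour described above leaves a trace in file-integrity telemetry. The following added example (not from Cybereason's report or the original article) scans constructed file-hash events for a monitored binary that departs from a known-good baseline and later returns to it; the event format, host names, file path and hash values are all assumptions made for illustration.

```python
from datetime import datetime

# Constructed baseline: monitored path -> assumed known-good SHA-256 (sample value, not an IoC).
BASELINE = {r"c:\windows\system32\calc.exe": "aa" * 32}

# Constructed file-integrity events: (timestamp, host, path, sha256). All values are samples.
EVENTS = [
    ("2023-01-10T08:00:00", "HOST-A", r"C:\Windows\System32\calc.exe", "aa" * 32),
    ("2023-01-12T02:14:00", "HOST-A", r"C:\Windows\System32\calc.exe", "bb" * 32),
    ("2023-01-19T03:40:00", "HOST-A", r"C:\Windows\System32\calc.exe", "aa" * 32),
    ("2023-01-11T09:00:00", "HOST-B", r"C:\Windows\System32\calc.exe", "aa" * 32),
    ("2023-01-15T01:05:00", "HOST-C", r"C:\Windows\System32\calc.exe", "cc" * 32),
]

def find_swaps(events, baseline):
    """Report monitored binaries whose hash left the baseline.

    'restored'       : the known-good hash came back later (swap-and-restore).
    'still_replaced' : the unknown binary is the latest observed state.
    """
    off_baseline = {}  # (host, path) -> (unknown hash, first time seen)
    findings = []
    for ts, host, path, sha in sorted(events):  # ISO timestamps sort chronologically
        key = (host, path.lower())
        good = baseline.get(key[1])
        if good is None:
            continue  # path is not monitored
        when = datetime.fromisoformat(ts)
        if sha != good:
            off_baseline.setdefault(key, (sha, when))
        elif key in off_baseline:
            bad_sha, since = off_baseline.pop(key)
            hours = (when - since).total_seconds() / 3600
            findings.append({"host": host, "path": key[1], "status": "restored",
                             "unknown_sha256": bad_sha, "window_hours": hours})
    for (host, path), (bad_sha, _since) in off_baseline.items():
        findings.append({"host": host, "path": path, "status": "still_replaced",
                         "unknown_sha256": bad_sha, "window_hours": None})
    return findings

if __name__ == "__main__":
    for finding in find_swaps(EVENTS, BASELINE):
        print(finding)
```

A "restored" finding is the more interesting one for this intrusion pattern: the current file on disk is clean, so only the historical events show that a different binary sat at that path for the reported window.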

    StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.

    "The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."

