
Hacker Group ‘Moses Staff’ Using New StrifeWater RAT in Ransomware Attacks

February 2, 2022

A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a deliberate effort to stay under the radar.

Cybersecurity firm Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware “StrifeWater.”

“The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group’s tracks,” Tom Fakterman, Cybereason security analyst, said in a report. “The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions.”


Moses Staff came to light toward the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli companies since September 2021 with the goal of disrupting the targets’ business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.


To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that is deployed under the name “calc.exe” (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.


The removal and subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover their tracks and erase evidence of the trojan, not to mention allow them to evade detection until the last phase of the attack, when the ransomware payload is executed.
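One defender-side check for the masquerade-and-swap behaviour described above, written as an added example for this article rather than code from Cybereason or Check Point. It scans file-write telemetry for a calc.exe dropped outside the Windows system directories, a system calc.exe overwritten by an unknown binary, and the tell-tale restore of the legitimate binary afterwards; the event format, hostnames, paths and hashes are constructed placeholders.

```python
import re
from collections import defaultdict

# Placeholder for the vendor hash of the legitimate calc.exe on the monitored build (constructed).
KNOWN_GOOD_CALC_SHA256 = "a" * 64
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumed export format: "<ts> <host> <action> <path> <sha256>" (constructed, not a real EDR schema).
EVENT_RE = re.compile(r"^(\S+) (\S+) (write|delete) (\S+) ([0-9a-f]{64})$")

# Constructed sample telemetry reproducing the swap: tamper, drop a copy, then restore.
SAMPLE_EVENTS = [
    f"2021-09-10T08:01:02Z HOST1 write C:\\Windows\\System32\\calc.exe {'b' * 64}",
    f"2021-09-10T08:02:15Z HOST1 write C:\\Users\\bob\\Downloads\\calc.exe {'c' * 64}",
    f"2021-09-10T08:30:44Z HOST1 write C:\\Windows\\System32\\calc.exe {'a' * 64}",
    f"2021-09-10T09:00:00Z HOST2 write C:\\Windows\\System32\\calc.exe {'a' * 64}",
]


def parse(line):
    """Return an event dict, or None for lines that do not match the assumed format."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ts, host, action, path, sha = m.groups()
    return {"ts": ts, "host": host, "action": action, "path": path, "sha256": sha}


def detect(lines):
    """Return (host, ts, reason) alerts for suspicious writes to a file named calc.exe."""
    alerts = []
    last_hash = defaultdict(dict)  # host -> lower-cased path -> last written hash
    for line in lines:
        ev = parse(line)
        if ev is None or ev["action"] != "write":
            continue
        path = ev["path"].lower()
        if not path.endswith("\\calc.exe"):
            continue
        in_sysdir = any(path.startswith(d) for d in SYSTEM_DIRS)
        if not in_sysdir:
            alerts.append((ev["host"], ev["ts"], "calc.exe dropped outside Windows system dirs: " + ev["path"]))
        elif ev["sha256"] != KNOWN_GOOD_CALC_SHA256:
            alerts.append((ev["host"], ev["ts"], "system calc.exe replaced by unknown binary"))
        elif last_hash[ev["host"]].get(path) not in (None, KNOWN_GOOD_CALC_SHA256):
            # Legitimate hash written over a previously tampered file: the cleanup step.
            alerts.append((ev["host"], ev["ts"], "tampered calc.exe restored to legitimate binary (possible cleanup)"))
        last_hash[ev["host"]][path] = ev["sha256"]
    return alerts


if __name__ == "__main__":
    for host, ts, reason in detect(SAMPLE_EVENTS):
        print(f"{ts} {host}: {reason}")
```

HOST2 writes only the known-good hash and produces no alert, so the check stays quiet on routine servicing of the real binary.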

StrifeWater, for its part, is no different from its counterparts and comes with several features, chief among them being the ability to list system files, execute system commands, take screen captures, establish persistence, and download updates and auxiliary modules.

“The end goal for Moses Staff appears to be more politically motivated rather than financial,” Fakterman concluded. “Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran’s geopolitical goals.”



Some parts of this article are sourced from:
thehackernews.com
