Security News > 2022 > February > Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks

A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report.

Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the target's business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S. The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "Calc.exe" and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded.

"Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."

News URL

https://thehackernews.com/2022/02/hacker-group-moses-staff-using-new.html