w Moses Staff and Emerging Abraham's Ax Hacktivists Group

2023-01-26 14:34

New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022.

The geopolitical group is believed to be sponsored by the Iranian government and has since been linked to a string of espionage and sabotage attacks that make use of tools like StrifeWater RAT and open source utilities such as DiskCryptor to harvest sensitive information and lock victim data on infected hosts.

Now according to Secureworks' analysis, "The Abraham's Ax persona is being used in tandem to attack government ministries in Saudi Arabia" and that "This is likely in response to Saudi Arabia's leadership role in improving relations between Israel and Arab nations."

Hezbollah, which means "Party of Allah" in Arabic, is a Lebanese Shia Islamist political party and militant group that's backed by Iran.

The striking overlaps in the modus operandi further raise the possibility that the operators behind Abraham's Ax are likely leveraging the same custom malware which acts as a cryptographic wiper to encrypt data without offering a means to recover the data.

"Over the last couple of years an increasing number of criminal and hacktivist group personas have emerged to target perceived enemies of Iran while providing plausible deniability to the Government of Iran regarding association or responsibility for these attacks. This trend is likely to continue."

News URL

https://thehackernews.com/2023/01/researchers-uncover-connection-bw-moses.html

#hacktivist #researcher