Moses Staff
Description
(Check Point) In September 2021, the hacker group MosesStaff began targeting Israeli organizations, joining a wave of attacks which was started about a year ago by the Parisite, Fox Kitten, Pioneer Kitten and Agrius attack groups. Those actors operated mainly for political reasons in an attempt to create noise in the media and damage the country’s image, demanding money and conducting lengthy and public negotiations with the victims.
MosesStaff behaves differently. The group openly states that their motivation in attacking Israeli companies is to cause damage by leaking the stolen sensitive data and encrypting the victim’s networks, with no ransom demand. In the language of the attackers, their purpose is to “Fight against the resistance and expose the crimes of the Zionists in the occupied territories.”
Names
Name | Name-Giver |
---|---|
Moses Staff | self given |
Abraham’s Ax | self given |
DEV-0500 | Microsoft |
Cobalt Sapling | SecureWorks |
Marigold Sandstorm | Microsoft |
Vengeful Kitten | CrowdStrike |
White Dev 95 | PWC |
Country
Motivation
- Sabotage and destruction
First Seen
2021
Observed Sectors
Observed Countries
Tools
Operations
- 2022-11: Abraham’s Ax Likely Linked to Moses Staff https://www.secureworks.com/blog/abrahams-ax-likely-linked-to-moses-staff
Information
- https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/
- https://www.cybereason.com/blog/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations
- https://www.fortinet.com/blog/threat-research/guard-your-drive-from-driveguard
- https://www.timesofisrael.com/report-iran-hacked-israeli-cameras-a-year-ago-defense-officials-knew-didnt-act/
Mitre Attack
Other Information
Uuid
71af54b8-3a64-42a0-9b8f-94d8fcb684a8
Last Card Change
2024-03-10