A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.
Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."
"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."
Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.
The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.
To date, victims have been reported beyond Israel, including in Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.
The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.
The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.
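Because the malicious "calc.exe" is swapped back for the legitimate binary, a one-off hash check after the fact sees a clean file; only retained hash history exposes the swap. The sketch below is an added example, not code from Cybereason or the original article: the record layout, hostnames, timestamps, paths and hash strings are constructed placeholders, and `KNOWN_GOOD` is assumed to hold every legitimate calc.exe build in the estate (including patched versions).

```python
from collections import defaultdict

# Assumption: hashes of the legitimate calc.exe builds deployed in this estate.
# Placeholder strings, not real digests or indicators.
KNOWN_GOOD = {"sha256:LEGIT-CALC-BUILD-A", "sha256:LEGIT-CALC-BUILD-B"}

# Constructed file-integrity records: (host, ISO timestamp, path, hash).
OBSERVATIONS = [
    ("ws01", "2021-10-01T08:00", r"C:\Windows\System32\calc.exe", "sha256:LEGIT-CALC-BUILD-A"),
    ("ws01", "2021-10-08T08:00", r"C:\Windows\System32\calc.exe", "sha256:LEGIT-CALC-BUILD-A"),
    ("srv02", "2021-10-01T08:00", r"C:\Windows\System32\calc.exe", "sha256:LEGIT-CALC-BUILD-A"),
    ("srv02", "2021-10-03T08:00", r"C:\Windows\System32\calc.exe", "sha256:UNKNOWN-1"),
    ("srv02", "2021-10-05T08:00", r"C:\Windows\System32\calc.exe", "sha256:UNKNOWN-1"),
    ("srv02", "2021-10-08T08:00", r"C:\Windows\System32\calc.exe", "sha256:LEGIT-CALC-BUILD-A"),
    ("srv03", "2021-10-01T08:00", r"C:\Windows\System32\calc.exe", "sha256:LEGIT-CALC-BUILD-B"),
    ("srv03", "2021-10-08T08:00", r"C:\Windows\System32\calc.exe", "sha256:UNKNOWN-2"),
    ("srv03", "2021-10-08T09:00", r"C:\Windows\System32\notepad.exe", "sha256:UNKNOWN-3"),
]

def review_binary_history(observations, known_good, name="calc.exe"):
    """Classify each host by the hash history of files called `name`.

    Returns {host: (state, first_untrusted_ts, last_untrusted_ts)}.
    """
    history = defaultdict(list)
    for host, ts, path, digest in observations:
        # Match on file name only, whatever directory the file sits in.
        if path.lower().rsplit("\\", 1)[-1] == name:
            history[host].append((ts, digest in known_good))
    report = {}
    for host, events in history.items():
        events.sort()  # ISO timestamps sort chronologically as strings
        bad = [ts for ts, trusted in events if not trusted]
        if not bad:
            report[host] = ("clean", None, None)
        elif events[-1][1]:
            # Untrusted build seen earlier, trusted build now: the swap-back
            # pattern that a point-in-time hash check would miss.
            report[host] = ("swapped-and-restored", bad[0], bad[-1])
        else:
            report[host] = ("untrusted-present", bad[0], bad[-1])
    return report

if __name__ == "__main__":
    for host, verdict in sorted(review_binary_history(OBSERVATIONS, KNOWN_GOOD).items()):
        print(host, verdict)
```

The two timestamps returned for a flagged host bound the window in which the untrusted binary was observed, which is where an investigation of that host would start.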
StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.
"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."