A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.
Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."
"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."
Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.
The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.
To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.
The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.
The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.
StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.
"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."
Related articles
- Underground Hacker Sites
- Hacking Tools 2020
- Hacker Tools Mac
- Hacker Tools List
- Hacking Tools For Kali Linux
- Hacking Tools For Pc
- Pentest Tools List
- Hacker Tools Linux
- Pentest Tools Apk
- Tools 4 Hack
- Hacking Tools Free Download
- Pentest Automation Tools
- Hack Tools For Windows
- Hack Tools Online
- Hacking Tools
- Hacker Tools Online
- What Are Hacking Tools
- Pentest Tools
- Hack Tools For Windows
- Pentest Tools Nmap
- What Is Hacking Tools
- Hacking Tools Name
- Hack Tools 2019
- Pentest Automation Tools
- Pentest Tools Online
- Growth Hacker Tools
- Hak5 Tools
- Pentest Tools Free
- Pentest Tools Windows
- Bluetooth Hacking Tools Kali
- Nsa Hacker Tools
- Hack Tools Github
- Hacking Tools
- Hack Tools
- Hacker Tools Free Download
- Hacking Tools Hardware
- Hacking Tools Mac
- Hacker Tools For Ios
- Hack Tools Github
- Hack Website Online Tool
- Hacks And Tools
- Hack Tools For Ubuntu
- Pentest Tools For Windows
- What Is Hacking Tools
- Pentest Tools Review
- Hacker Tools For Ios
- Hacker Tools Hardware
- Pentest Tools Tcp Port Scanner
- Android Hack Tools Github
- Tools 4 Hack
- World No 1 Hacker Software
- Hacks And Tools
- Pentest Tools Kali Linux
- Hacking Tools 2019
- World No 1 Hacker Software
- World No 1 Hacker Software
- Pentest Tools Apk
- Hack Tools Online
- Pentest Tools Subdomain
- Pentest Tools Framework
- Hack Tools
- How To Make Hacking Tools
- Pentest Tools Open Source
- Pentest Tools Tcp Port Scanner
- Hacker Tools Software
- Hack Tools For Mac
- Hacking Tools Free Download
- Bluetooth Hacking Tools Kali
- Hacker Tools For Windows
- What Is Hacking Tools
- Hack Tools
- Hacking Tools Software
- Pentest Tools Linux
- Hack Tools For Mac
- Hacker Tools 2020
- Pentest Tools List
- Termux Hacking Tools 2019
- Hacker Techniques Tools And Incident Handling
- Pentest Tools For Ubuntu
- Best Hacking Tools 2019
- Hacking Tools Free Download
- Hack Tool Apk
- How To Hack
- Hacker Tools Online
- Hacking Tools For Kali Linux
- Hacker Tool Kit
- Pentest Tools Url Fuzzer
- Hacking Tools
- Hack Tools Pc
- Pentest Tools Download
- Tools 4 Hack
- Hacker Tools For Mac
- Pentest Tools Windows
- Hackers Toolbox
- Install Pentest Tools Ubuntu
- Computer Hacker
- Hacking Tools Mac
- Hack Tools For Games
- Hack Tools Github
- Black Hat Hacker Tools
- Hack Tools For Games
- Pentest Tools Tcp Port Scanner
- Hackrf Tools
- Hacking Tools Mac
- Tools Used For Hacking
- Nsa Hacker Tools
- Hacking Tools For Windows 7
- Game Hacking
- Pentest Tools Kali Linux
- Best Hacking Tools 2020
- Hacking Tools Online
- Pentest Tools Url Fuzzer
- Hacking Tools For Beginners
- Hacking Tools For Pc
- Pentest Tools Free
- Hacking App
- Hack Tools 2019
- Hack Tools For Pc
- Hacking Tools Kit
- Github Hacking Tools
- Hack Tools Online
- Hack Apps
- Beginner Hacker Tools
- Pentest Tools Bluekeep
- Termux Hacking Tools 2019
0 comments:
Post a Comment