MosesStaff techniques: Ideology over Money
MosesStaff carries out targeted attacks against Israeli companies, leaks their data, and encrypts their networks.
There is no ransom demand and no decryption option; their motives are purely political.
Initial access to victims' networks is presumably achieved through exploiting known vulnerabilities in publicly facing infrastructure such as Microsoft Exchange Servers.
The lateral movement within the infected networks is made using basic tools: PsExec, WMIC, and Powershell.
The attacks utilize the open-source library DiskCryptor to perform volume encryption and lock the victims' computers with a bootloader that won't allow the machines to boot without the correct password.
The group's current encryption method may be reversible under certain circumstances.
Featured Resources
View More Resources
Report
2026 Gartner ® Market Guide for Adversarial Exposure Validation
Read insights from Gartner® on adversarial exposure validation. Gartner® predicts that “By 2029, 30% of organizations will link AEV results to automated remediation or
blog
Security Spent a Decade Finding More. It Should Have Been Proving More.
Here's an uncomfortable truth most security leaders already suspect but rarely say out loud: Your organization has invested millions in security tools, and
blog
Handala Hack: From Regional Disruption to Digital Destruction — Why Security Validation Matters Now
After years of battling ransomware and financially motivated threats, security teams must now increase their focus to defend against digital destruction. Iranian-backed Handala Hack highlighted the growing threat with its claimed attacks against a U.S.-based medical equipment maker, with reports of widespread deletion of data