MosesStaff techniques: Ideology over Money
MosesStaff carries out targeted attacks against Israeli companies, leaks their data, and encrypts their networks.
There is no ransom demand and no decryption option; their motives are purely political.
Initial access to victims' networks is presumably achieved through exploiting known vulnerabilities in publicly facing infrastructure such as Microsoft Exchange Servers.
The lateral movement within the infected networks is made using basic tools: PsExec, WMIC, and Powershell.
The attacks utilize the open-source library DiskCryptor to perform volume encryption and lock the victims' computers with a bootloader that won't allow the machines to boot without the correct password.
The group's current encryption method may be reversible under certain circumstances.
Featured Resources
E-book
Optimize Your Cyber Defenses with Exposure Validation
CTEM guidance built around exposure validation to surface real exposures, strengthen existing controls, and reduce uncertainty
blog
AI and ML for SIEM: The New Standard in SOC Defense
Traditional SIEM systems, while foundational to enterprise security operations, can reach a limit in increasingly-complex environments. As organizations face more
blog
EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)
EXECUTIVE SUMMARY The Cymulate Research Labs is committed to advancing cybersecurity by scrutinizing emerging technologies and exposing hidden risks. Our