MosesStaff carries out targeted attacks against Israeli companies, leaks their data, and encrypts their networks.
There is no ransom demand and no decryption option; their motives are purely political.
Initial access to victims’ networks is presumably achieved through exploiting known vulnerabilities in publicly facing infrastructure such as Microsoft Exchange Servers.
The lateral movement within the infected networks is made using basic tools: PsExec, WMIC, and Powershell.
The attacks utilize the open-source library DiskCryptor to perform volume encryption and lock the victims’ computers with a bootloader that won’t allow the machines to boot without the correct password.
The group’s current encryption method may be reversible under certain circumstances.
Sign Up For Threat Alerts
Nov 29, 2021
IKEA email systems hit by ongoing cyberattack
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing...
Nov 28, 2021
Tardigrade Malware targets Biomanufacturing Facilities
An advanced persistent threat (APT) has been linked to cyberattacks on two biomanufacturing companies that...
Nov 25, 2021
RATDispenser – Stealthy JavaScript Loader Dispensing RATs
Attackers are using an evasive JavaScript loader, RATDispenser, to distribute remote access Trojans (RATs) and...
Nov 24, 2021
Memento Team uses password-protected archives to bypass...
Calling themselves "Memento team", actors use Python-based ransomware that they reconfigured after setbacks. This was...
Nov 23, 2021
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack...
Squirrelwaffle emerged as a new loader that is spread through spam campaigns. It is known...
Nov 22, 2021
Emotet Returns
Back in January 2021, law enforcement and judicial authorities worldwide took down the Emotet botnet....
Nov 18, 2021
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft...
The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple...
Nov 17, 2021
Web compromises in the Middle East with...
ESET researchers have discovered strategic web compromise (aka watering hole) attacks against high-profile websites in...
Nov 15, 2021
Lyceum mass backdoor attacks
Lyceum backdoors appear to have targeted ISPs and telecommunication operators in Israel, Morocco, Tunisia, and...
Nov 14, 2021
New Golang malware (BotenaGo) targeting millions of...
Analysts have found new malware written in the open source programming language Golang. Deployed with...
Nov 11, 2021
Fresh Variant of Snake Keylogger Malware
Snake Keylogger is a malware developed using .NET. It first appeared in late 2020 and...
Nov 10, 2021
Mekotio Banker – Improved Stealth and Ancient...
A banking Trojan called "Mekotio" that targeted Latin America countries in the past, now making...
Nov 09, 2021
Targeted Attack Campaign Against ManageEngine ADSelfService Plus...
US Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning that advanced persistent threat...
Nov 08, 2021
SquirrelWaffle Leverages malspam to deliver Qakbot
Recently, a new threat, referred to as "SquirrelWaffle" is being spread more widely via spam...
Nov 08, 2021
ProxyShell exploitation leads to Babuk ransomware
A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers...