
MosesStaff techniques: Ideology over Money

November 16, 2021

MosesStaff carries out targeted attacks against Israeli companies, leaks their data, and encrypts their networks. There is no ransom demand and no decryption option; the group's motives are purely political. Initial access to victims' networks is presumably achieved by exploiting known vulnerabilities in publicly facing infrastructure such as Microsoft Exchange servers. Lateral movement within the compromised networks relies on basic tools: PsExec, WMIC, and PowerShell. The attacks use the open-source library DiskCryptor to perform volume encryption and lock the victims' computers with a bootloader that will not allow the machines to boot without the correct password. The group's current encryption method may be reversible under certain circumstances.
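As an added example (not code from the original post), a small Python detector that runs over constructed Windows event 7045 "service installed" records and flags the tool chain described above: a PsExec service install followed by a DiskCryptor driver install on the same host. The flattened key=value log format, host names and timestamps are made up, and the DiskCryptor driver/service name (dcrypt.sys, "dcrypt") is an assumption.

```python
import re

# Constructed sample (not real telemetry): Windows System log event 7045 records,
# flattened to key=value lines by a hypothetical SIEM export. All values are made up.
SAMPLE_EVENTS = [
    "ts=2021-11-01T08:02:11Z host=FS01 event_id=7045 service_name=PSEXESVC "
    "image_path=%SystemRoot%\\PSEXESVC.exe start_type=demand",
    "ts=2021-11-01T08:14:40Z host=FS01 event_id=7045 service_name=dcrypt "
    "image_path=System32\\drivers\\dcrypt.sys start_type=boot",
    "ts=2021-11-01T09:00:00Z host=WS07 event_id=7045 service_name=Spooler "
    "image_path=%SystemRoot%\\System32\\spoolsv.exe start_type=auto",
    "ts=2021-11-01T09:05:13Z host=WS07 event_id=7045 service_name=dcrypt "
    "image_path=System32\\drivers\\dcrypt.sys start_type=boot",
]

KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Split one flattened event line into its key=value fields."""
    return dict(KV.findall(line))

def is_psexec(ev):
    """PsExec installs a service named PSEXESVC on the remote host."""
    return ev.get("service_name", "").upper() == "PSEXESVC"

def is_diskcryptor(ev):
    """Assumption: DiskCryptor registers its kernel driver dcrypt.sys as service 'dcrypt'."""
    return ev.get("image_path", "").lower().endswith("dcrypt.sys")

def analyze(lines):
    """Return {host: [findings]} from 7045 events in time order, flagging a DiskCryptor
    driver install and, when PsExec preceded it on the same host, the full sequence."""
    by_host = {}
    for ev in sorted((parse(l) for l in lines), key=lambda e: e.get("ts", "")):
        if ev.get("event_id") == "7045":
            by_host.setdefault(ev["host"], []).append(ev)
    findings = {}
    for host, events in by_host.items():
        out, psexec_seen = [], False
        for ev in events:
            if is_psexec(ev):
                psexec_seen = True
                out.append("psexec_service_installed")
            elif is_diskcryptor(ev):
                out.append("diskcryptor_driver_installed")
                if psexec_seen:
                    out.append("psexec_then_diskcryptor")
        if out:
            findings[host] = out
    return findings
```

On the sample above, FS01 yields the full PsExec-then-DiskCryptor sequence while WS07 yields only the driver install, and the benign Spooler event is ignored.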