A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.
Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."
"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."
Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.
The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.
To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.
The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.
The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.
StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.
"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."
Related links
- Hacking Tools Download
- Hacking Tools Usb
- Usb Pentest Tools
- Pentest Tools Review
- Hacker Tools Online
- Hacker Tools Mac
- Pentest Tools Online
- Tools For Hacker
- Game Hacking
- Blackhat Hacker Tools
- Hacking Tools For Beginners
- Hack App
- Hacker Tools For Ios
- Hacking App
- Hacking App
- Hacking App
- Hak5 Tools
- Tools For Hacker
- Hacking Tools
- Hacking Tools Kit
- Kik Hack Tools
- Hacker Search Tools
- Hacker Tools List
- Hacker Tools Free Download
- What Are Hacking Tools
- Hack Rom Tools
- Hack Tool Apk
- Pentest Tools Apk
- Wifi Hacker Tools For Windows
- Hack Rom Tools
- Hacking Tools Usb
- Hacking Tools For Games
- Best Hacking Tools 2020
- Termux Hacking Tools 2019
- Pentest Tools Tcp Port Scanner
- Hacking Tools Online
- Hacking Tools Online
- Hack Tools
- Install Pentest Tools Ubuntu
- Hack Website Online Tool
- New Hacker Tools
- Hack Tools Mac
- Nsa Hack Tools
- New Hacker Tools
- Pentest Tools Review
- Hacker Tools Github
- Pentest Tools Url Fuzzer
- Nsa Hack Tools Download
- Pentest Tools List
- Pentest Tools Online
- Ethical Hacker Tools
- Hacker Search Tools
- How To Hack
- Hack Tool Apk
- Hacking Tools For Games
- Hack Apps
- Growth Hacker Tools
- Hacking Tools
- Hacker Tools Free Download
- Pentest Tools For Windows
- Hacker Tools For Mac
- Pentest Tools For Mac
- Hack Tools For Windows
- Pentest Tools Linux
- Hacker Hardware Tools
- Pentest Box Tools Download
- Hack App
- Pentest Box Tools Download
- Hacking Tools 2020
- Hacker Tools Free Download
- Hacker Tools Windows
- Hacking Tools Usb
- Hacker Tools Mac
- Pentest Automation Tools
- Hack Tools Download
- Hacker Tool Kit
- Hack App
- Pentest Tools For Windows
- Hacking Tools For Windows
- Pentest Tools For Windows
- Hacking Tools
- Pentest Automation Tools
- Hacker Tools For Ios
- Nsa Hack Tools
- Hack Apps
- Hacker Tools Online
- Hacking Tools For Windows 7
- Hacking Tools Name
- Bluetooth Hacking Tools Kali
- Hack Rom Tools
- Hacking Tools For Beginners
- Bluetooth Hacking Tools Kali
- Hacker Tools 2020
- Underground Hacker Sites
- Pentest Tools For Ubuntu
- Hack Tools Pc
- New Hack Tools
- Hack Tools For Games
- Hack Tools Github
- Hacker Tools Online
- Hacking Tools Kit
- Hacker Tools Online
- Hacker Tools For Windows
- Hacker Hardware Tools
- Computer Hacker
- World No 1 Hacker Software
- Pentest Tools For Android
- Hack Tools Mac
- Hack Tools For Mac
- World No 1 Hacker Software
- Hacker Tools 2020
- Best Pentesting Tools 2018
- Pentest Tools For Android
- Hacker Tools 2019
- Hack Tools
- Bluetooth Hacking Tools Kali
- Bluetooth Hacking Tools Kali
- Tools For Hacker
- Underground Hacker Sites
- Hack Tools For Games
- Black Hat Hacker Tools
- Best Pentesting Tools 2018
- Hack Tools For Games
- Hacking Tools Hardware
- Hacker Tools Hardware
- Hacking Tools Kit
- Hack And Tools
No comments:
Post a Comment