
Israeli organisations are being targeted and disrupted by Moses Staff with ransomless encryptions

In recent weeks, a new hacker group calling itself Moses Staff has claimed responsibility for multiple attacks against Israeli entities. In each case the group gained access to networks and systems owned by Israeli organisations, encrypted the files on those systems and then leaked copies of the stolen files to the public. Given the pattern of the attacks and the fact that the group has not demanded a ransom from any of its victims, it is believed to be politically motivated, aiming to cause operational disruption and damage by exposing corporate secrets and other sensitive information through dedicated data leak sites, Twitter accounts and Telegram channels.

According to a detailed report by researchers at Check Point, who examined the group's techniques, infection chain and toolset, Moses Staff appears to rely on publicly available exploits for known vulnerabilities to get in, then uses built-in Windows tooling such as PsExec, WMIC and PowerShell to move laterally through victims' networks. Once in position, the attackers deploy a custom piece of malware named PyDCrypt, which wraps the open-source disk encryption tool DiskCryptor to encrypt the compromised devices.
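Because the lateral-movement stage is built from ordinary Windows administration tools rather than custom malware, it is the stage defenders are most likely to see in process-creation telemetry. The following is an added example written for this article, not code from Check Point or from the page: a small set of detection rules run over constructed process-creation events (field names modelled on Sysmon Event ID 1). The hostnames, users, paths and the encoded PowerShell payload are invented; the DiskCryptor executable names (dcrypt.exe, dccon.exe, dcinst.exe) are taken from DiskCryptor's public distribution, and the example assumes the intruder runs them unrenamed, which a real intrusion need not do.

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (fields modelled on Sysmon Event ID 1)."""
    host: str
    user: str
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so rules ignore drive/directory."""
    return ntpath.basename(path).lower()


# Each rule is (name, predicate). Predicates see the whole event so that
# parent/child relationships can be checked, not only command-line strings.
RULES = [
    # PsExec client on the source host.
    ("psexec_client",
     lambda e: basename(e.image) in {"psexec.exe", "psexec64.exe"}),
    # PSEXESVC is the service PsExec installs on the target; services.exe starts it.
    ("psexec_service_on_target",
     lambda e: basename(e.image) == "psexesvc.exe"
               and basename(e.parent_image) == "services.exe"),
    # WMIC used to start a process on a remote node.
    ("wmic_remote_process_create",
     lambda e: basename(e.image) == "wmic.exe"
               and re.search(r"/node:", e.command_line, re.I)
               and re.search(r"process\s+call\s+create", e.command_line, re.I)),
    # On the target, WMI-launched processes are children of WmiPrvSE.exe.
    ("powershell_spawned_by_wmi",
     lambda e: basename(e.parent_image) == "wmiprvse.exe"
               and basename(e.image) in {"powershell.exe", "pwsh.exe"}),
    # Encoded command lines hide the script body from casual review.
    ("encoded_powershell",
     lambda e: basename(e.image) in {"powershell.exe", "pwsh.exe"}
               and re.search(r"(^|\s)-(e|ec|enc|encodedcommand)\s", e.command_line, re.I)),
    # DiskCryptor binaries (assumption: run under their distributed names).
    ("diskcryptor_binary",
     lambda e: basename(e.image) in {"dcrypt.exe", "dccon.exe", "dcinst.exe"}),
]

LATERAL = {"psexec_client", "psexec_service_on_target", "wmic_remote_process_create",
           "powershell_spawned_by_wmi", "encoded_powershell"}
ENCRYPTION = {"diskcryptor_binary"}

# Constructed sample telemetry: one benign event, then a PsExec hop to FS01,
# a WMIC hop to DB01 and DiskCryptor's console tool started on DB01.
SAMPLE_EVENTS = [
    ProcEvent("WS01", r"CORP\alice", r"C:\Windows\explorer.exe",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r'"WINWORD.EXE" report.docx'),
    ProcEvent("WS01", r"CORP\svc-admin", r"C:\Windows\System32\cmd.exe",
              r"C:\Tools\PsExec.exe", r"PsExec.exe \\FS01 -s cmd.exe /c whoami"),
    ProcEvent("FS01", r"NT AUTHORITY\SYSTEM", r"C:\Windows\System32\services.exe",
              r"C:\Windows\PSEXESVC.exe", r"C:\Windows\PSEXESVC.exe"),
    ProcEvent("WS01", r"CORP\svc-admin", r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\wbem\WMIC.exe",
              r'wmic /node:"DB01" process call create "powershell -nop -w hidden -enc SQBFAFgA"'),
    ProcEvent("DB01", r"CORP\svc-admin", r"C:\Windows\System32\wbem\WmiPrvSE.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell -nop -w hidden -enc SQBFAFgA"),
    ProcEvent("DB01", r"CORP\svc-admin",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\Temp\dccon.exe", r"dccon.exe"),  # arguments not modelled
]


def detect(events):
    """Return (host, rule_name, command_line) for every rule each event matches."""
    hits = []
    for e in events:
        for name, pred in RULES:
            if pred(e):
                hits.append((e.host, name, e.command_line))
    return hits


def hosts_with_lateral_and_encryption(hits):
    """Hosts where a lateral-movement indicator and a DiskCryptor execution both
    fired. That combination, rather than any single admin tool, is the shape of
    the intrusion described in the article."""
    by_host = {}
    for host, name, _ in hits:
        by_host.setdefault(host, set()).add(name)
    return sorted(h for h, names in by_host.items()
                  if names & LATERAL and names & ENCRYPTION)


if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for host, name, cmd in hits:
        print(f"{host:5} {name:28} {cmd}")
    print("lateral movement followed by encryption on:",
          hosts_with_lateral_and_encryption(hits))
```

Individually, PsExec, WMIC and PowerShell alerts are noisy in any environment where administrators use them legitimately, which is exactly why attackers choose them; the useful signal here is the correlation of a lateral-movement hit with a disk-encryption tool on the same host, and the PSEXESVC and WmiPrvSE parent-process checks, which fire on the target regardless of how the source host's command line was obfuscated.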

Additionally, because the encryption scheme relies on symmetric key generation, the encrypted files can be restored under certain circumstances. This makes it clear that Moses Staff's main goal is not to encrypt systems to the point of being irrecoverable, but to disrupt its targets' operations.
