{"id":5612,"date":"2021-11-15T15:39:03","date_gmt":"2021-11-15T06:39:03","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=5612"},"modified":"2021-12-06T15:40:24","modified_gmt":"2021-12-06T06:40:24","slug":"israeli-organisations-are-being-targeted-and-disrupted-by-moses-staff-with-ransomless-encryptions","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/israeli-organisations-are-being-targeted-and-disrupted-by-moses-staff-with-ransomless-encryptions\/","title":{"rendered":"Israeli organisations are being targeted and disrupted by Moses Staff with ransomless encryptions"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5612\" class=\"elementor elementor-5612\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4a4c80f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4a4c80f\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-48f6cc3\" data-id=\"48f6cc3\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e521a3c elementor-widget elementor-widget-text-editor\" data-id=\"e521a3c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>In recent weeks, a new hacker group called Moses Staff has been claiming responsibility for multiple attacks against Israeli entities, in which they gained access to networks and systems owned by Israeli organisations and encrypted the files on the systems before leaking copies of the stolen files to the public. 
Based on the attacks that they have conducted and the fact they haven\u2019t demanded a ransom from any of their victims, it is believed that they are politically motivated and are looking to cause operational disruptions and damage to their victims by exposing corporate secrets and other sensitive information via dedicated data leak sites, Twitter accounts, and Telegram channels.<\/p><p>According to a detailed report by researchers at Check Point, who have been looking into the techniques, infection chain, and toolset used by the threat actors, Moses Staff appears to use publicly available exploits for known vulnerabilities and Windows tools such as PsExec, WMIC, and PowerShell to move laterally through their victims\u2019 networks. The threat actors then use custom PyDCrypt malware, which utilizes the open-source disk encryption tool DiskCryptor, to encrypt devices.<\/p><p>Additionally, as the encryption scheme uses symmetric key generation, it is possible to restore the encrypted files under certain circumstances. So, it is clear that Moses Staff\u2019s main goal is not to encrypt systems to the point where they are irrecoverable but to cause disruptions to their targets.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In recent weeks, a new hacker group called Moses Staff has been claiming responsibility for multiple attacks against Israeli entities, in which they gained access to networks and systems owned by Israeli organisations and encrypted the files on the systems before leaking copies of the stolen files to the public. 
Based on the attacks that they have conducted<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":5617,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,12,9,2,7,1],"tags":[],"class_list":["post-5612","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ransomware_criminals","category-ce_news","category-by_country","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2021\/12\/Picture3-3.jpg?fit=1377%2C919&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5612"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=5612"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5612\/revisions"}],"predecessor-version":[{"id":5620,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5612\/revisions\/5620"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/5617"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=5612"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=5612"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=5612"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}