
A new politically motivated hacker group named “Moses Staff” has been linked to a wave of targeted attacks against Israeli organizations since September 2021, with the goal of plundering and leaking sensitive information before encrypting the victims’ networks, leaving no option to regain access or negotiate a ransom.

“The group openly states that their motivation in attacking Israeli companies is to cause damage by leaking the stolen sensitive data and encrypting the victim’s networks, with no ransom demand,” Check Point Research said in a report published Monday. “In the language of the attackers, their purpose is to ‘Fight against the resistance and expose the crimes of the Zionists in the occupied territories.'”

At least 16 victims have had their data leaked to date, according to stats released by the collective.

The threat actor is said to leverage publicly known vulnerabilities to breach enterprise servers and gain initial access, then deploy a custom web shell that’s used to drop additional malware. Once inside, the intruders use living-off-the-land (LotL) techniques to move laterally across the network and lock the machines behind encryption barriers using a specially crafted malware, PyDCrypt.
