A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.
Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."
"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."
Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.
The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.
To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.
The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.
The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.
StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.
"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."
More articles
- Hacker Tools Mac
- Hack Tools For Games
- Nsa Hack Tools Download
- Best Hacking Tools 2020
- Nsa Hack Tools
- Hack Rom Tools
- Hack Tools For Ubuntu
- Hacking Tools For Windows 7
- Hacker Tools For Ios
- Hack Tools For Games
- Hacking Tools Name
- Pentest Recon Tools
- Pentest Tools Subdomain
- Hacker Tool Kit
- How To Install Pentest Tools In Ubuntu
- Hacking Tools Github
- Hack Tools For Mac
- Hack Tools Online
- Hacker Tools Windows
- Hack Tools For Pc
- Hacking Tools Software
- Hacking Tools Download
- Hacking Tools 2019
- Hackrf Tools
- Beginner Hacker Tools
- Pentest Tools Github
- Hack Tools For Mac
- Bluetooth Hacking Tools Kali
- Pentest Tools Free
- Pentest Tools Tcp Port Scanner
- Hack Tools Github
- Nsa Hacker Tools
- Pentest Tools Open Source
- Hack Tools Download
- Hacking Tools Mac
- Hacker Tools For Pc
- Pentest Recon Tools
- Hacking Tools 2020
- Hacker Tools Linux
- Tools Used For Hacking
- Hacking Tools For Pc
- Hacker Search Tools
- Hackrf Tools
- Hacker Tools For Ios
- Hacking Tools Github
- Hacking Tools For Mac
- Easy Hack Tools
- Hack Tool Apk No Root
- Usb Pentest Tools
- Hack Website Online Tool
- Pentest Tools For Mac
- Pentest Tools For Windows
- Tools For Hacker
- Pentest Tools For Android
- Hacking Tools Kit
- Hack Tools For Windows
- Pentest Tools Bluekeep
- Pentest Tools
- Best Hacking Tools 2020
- Best Hacking Tools 2019
- Hack Tools For Ubuntu
- Best Hacking Tools 2019
- Pentest Tools For Mac
- Hacking Tools For Windows Free Download
- Hacking Tools For Mac
- Hacking Tools 2019
- Hacking Apps
- Hack Tools 2019
- Hacking Tools 2020
- Hacker Search Tools
- Physical Pentest Tools
- What Are Hacking Tools
- Pentest Tools Nmap
- Hacker Tools 2019
- Easy Hack Tools
- How To Make Hacking Tools
- Hacking Tools
- Hack Tools Mac
- Pentest Tools List
- Hacking Tools Mac
- Hackrf Tools
- Hacking Tools Kit
- Hack Website Online Tool
- Nsa Hack Tools Download
- Hack Tools
- Wifi Hacker Tools For Windows
- Pentest Recon Tools
- Blackhat Hacker Tools
- Pentest Tools Url Fuzzer
- Tools For Hacker
- Hacker Tools Apk
- Pentest Tools Website
- Hackers Toolbox
- Black Hat Hacker Tools
- Black Hat Hacker Tools
- Hack Tools For Ubuntu
- Hacking Tools For Windows 7
- Hacks And Tools
- Pentest Tools Open Source
- Pentest Tools Free
No hay comentarios:
Publicar un comentario