New Moses Staff hacking group targets Israeli organizations
A new hacking group, which calls itself The Moses Staff, has recently been seen targeting Israeli organizations. The group gains access to victims' networks and, once inside, steals sensitive data before encrypting the victims' systems. No ransom has been demanded, and industry experts believe the group is politically motivated. The group openly admits that this is true, stating that they fight against the crimes of the Zionists in the occupied territories.
So far, at least 16 victims have been identified, including a number of engineering companies and the Israeli Defense Ministry. The group reportedly breaches servers and gains access by using vulnerabilities that are publicly known but have not been patched by the victim companies. Once they are in the system, they use web shells to deploy malware and move laterally across the network with the help of PsExec, WMIC and PowerShell. Eventually the actors use a custom PyDCrypt malware, which relies on DiskCryptor, an open source disk encryption tool, to encrypt the victims' devices.
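The chain described above (web shell, then PsExec, WMIC and PowerShell, then DiskCryptor) can be hunted for in process-creation logs. The sketch below is an added example, not code from the original article or from any vendor report; the events are constructed, and the web server worker names and the DiskCryptor file-name markers are assumptions to adapt to your own environment.

```python
import re
# Constructed process-creation events; hosts, paths and arguments are invented.
EVENTS = [
    {"host": "web01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c whoami"},
    {"host": "web01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": r'wmic /node:"fs01" process call create "C:\Temp\a.exe"'},
    {"host": "fs01", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\PSEXESVC.exe", "cmd": r"C:\Windows\PSEXESVC.exe"},
    {"host": "fs01", "parent": r"C:\Windows\PSEXESVC.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -File C:\Temp\inv.ps1"},
    {"host": "fs01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Temp\dcrypt.exe", "cmd": "dcrypt.exe"},
    {"host": "hr02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmd": "notepad.exe"},
]
WEB_WORKERS = {"w3wp.exe", "httpd.exe", "nginx.exe", "php-cgi.exe"}  # assumed list
SHELLS = {"cmd.exe", "powershell.exe"}
PSEXEC = {"psexec.exe", "psexec64.exe", "psexesvc.exe"}
WMIC_REMOTE = re.compile(r"/node:.*process\s+call\s+create")
DISK_MARKERS = ("dcrypt", "diskcryptor")  # assumed DiskCryptor file-name markers
LATERAL = {"psexec", "wmic_remote_exec"}

def base(path):  # lower-cased file name of a Windows path
    return path.rsplit("\\", 1)[-1].lower()

def classify(ev):
    """Return the list of technique tags one event matches."""
    parent, image, cmd = base(ev["parent"]), base(ev["image"]), ev["cmd"].lower()
    tags = []
    if parent in WEB_WORKERS and image in SHELLS:
        tags.append("webshell_child")       # web server worker spawning a shell
    if PSEXEC.intersection((parent, image)):
        tags.append("psexec")               # PsExec client or its remote service
    if image == "wmic.exe" and WMIC_REMOTE.search(cmd):
        tags.append("wmic_remote_exec")     # WMIC starting a process on another node
    if any(m in image or m in cmd for m in DISK_MARKERS):
        tags.append("disk_encryption_tool")
    return tags

def hosts_with_chain(events):
    """Hosts where lateral-movement tooling and a disk-encryption tool both ran."""
    seen = {}
    for ev in events:
        seen.setdefault(ev["host"], set()).update(classify(ev))
    return sorted(h for h, t in seen.items()
                  if "disk_encryption_tool" in t and t & LATERAL)
```

PsExec and WMIC are also used by administrators, so the single-event tags are hunting leads; the per-host combination with a disk-encryption tool is the higher-confidence signal.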
Although cyber industry experts have not attributed the attacks to any particular country, it has been noted that some of the toolsets were present on VirusTotal, originating from Palestine, months before the first attack. It is the third entity of its kind to have attacked Israeli organizations exclusively, after the Pay2Key and Black Shadow groups, both believed to be working from Iran.
It first appeared on Twitter in October. In November the group began publishing its leaked data on its Telegram channel, claiming to have targeted more than 257 websites and to have stolen data and documents amounting to 34 terabytes.
Recently Telegram has tried to prevent hacking groups from using its platform to pass on stolen data and, like Black Shadow and Pay2Key, Moses Staff has now had its Telegram channel banned. Twitter is yet to follow the example of Telegram.
This new group arrives at a time of heightened tension between Iran and Israel, after Iran accused Israel and the United States of being behind a cyber attack on Iran's fuel distribution last month that caused chaos. Israel, meanwhile, has accused Iran of a number of recent cyber attacks seen as revenge.
Much like the hacking groups that appeared before it, this new group targets Israeli organizations and will likely sink below the surface again, to be replaced by another malicious group. Let us hope that our government has learned from the latest attacks and is ready to protect us from the next one.