IRG1009

MosesStaff

Also known as: Moses Staff · Marigold Sandstorm · DEV-0500 · VENGEFUL KITTEN · MosesStaff

Origin: IR
Known aliases: 5

Profile

MosesStaff is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Moses Staff, Marigold Sandstorm, DEV-0500 (and 1 more). Original record: Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation appears to be to harm Israeli companies by leaking sensitive, stolen data.

Aliases · 5

Moses Staff · Marigold Sandstorm · DEV-0500 · VENGEFUL KITTEN · MosesStaff

MITRE ATT&CK Group crosswalk

G1009

References

  1. https://twitter.com/campuscodi/status/1450455259202166799
  2. https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/
  3. https://www.cybereason.com/blog/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations
  4. https://www.fortinet.com/blog/threat-research/guard-your-drive-from-driveguard

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Group: Moses Staff
Actor: Molerats
Actor: DEV-0270
Actor: Gray Sandstorm
Actor: CopyKittens
Actor: Cuboid Sandstorm

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.