G1009

G1009Moses Staff

Description

[Moses Staff](https://attack.mitre.org/groups/G1009) is a suspected Iranian threat group that has primarily targeted Israeli companies since at least September 2021. [Moses Staff](https://attack.mitre.org/groups/G1009) openly stated their motivation in attacking Israeli companies is to cause damage by leaking stolen sensitive data and encrypting the victim's networks without a ransom demand.(Citation: Checkpoint MosesStaff Nov 2021) Security researchers assess [Moses Staff](https://attack.mitre.org/groups/G1009) is politically motivated, and has targeted government, finance, travel, energy, manufacturing, and utility companies outside of Israel as well, including those in Italy, India, Germany, Chile, Turkey, the UAE, and the US.(Citation: Cybereason StrifeWater Feb 2022)

References

  1. https://attack.mitre.org/groups/G1009
  2. https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/
  3. https://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations

Software attributed to this3

TypeTargetConfidenceTier
SoftwareStrifeWaters1034100%live
SoftwareDCSrvs1033100%live
SoftwarePyDCrypts103295%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
MosesStaff
Group
POLONIUM
Group
HEXANE
Group
MuddyWater
Group
Molerats
Group
Leafminer
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.