New hacker group targeting Israeli organisations


A new faction of politically motivated hackers, known by the pseudonym ‘Moses Staff’, has recently been revealed to have been behind a series of cyber attacks targeting Israeli organisations since September of this year. They aim to leak sensitive information belonging to these organisations and then encrypt their networks, with no option to negotiate a ransom or regain access or control of their networks.  

The group has openly stated their motivation, which is to attack Israeli companies to cause damage by leaking stolen data and encrypting victims' networks. However, they do not demand any ransom. Their sole purpose is to expose the crimes of Zionists in the Israeli occupied territories.  

According to reports, sixteen victims have had their data leaked to date. The hackers are thought to be using known vulnerabilities that remain unpatched on public-facing infrastructure to gain initial access and then following up with the deployment of custom web-shell malware. Once inside, the hackers begin the task of locking the network with encryption barriers. The main goal is to disrupt operations and inflict irreversible damage on their victims. That being said, encrypted files can still be recovered under certain circumstances, since the group uses a symmetric key mechanism to generate encryption keys.

So far, cyber analysts have been unable to pinpoint the origin of the group to a specific region and it is also unknown whether or not they are a state-sponsored group. However, one of the malware samples used in an attack by Moses Staff was uploaded to VirusTotal (a tool that can detect malicious content) from Palestine several months before the start of the attacks. 

Moses Staff publicises their attacks on Twitter and their website claims they have targeted over 257 websites and stolen over 30 terabytes of data and documents. The group has also used their website to urge outside parties to join them in exposing the crimes committed by Zionists in occupied Palestine. 

The vulnerabilities exploited by the group are not zero-days; therefore, all potential victims can protect themselves by patching any flaws in public-facing systems. The group remains active and intends to keep pushing its proactive messages and videos on its social network accounts.

Whilst many consider the actions of this group of hackers malicious, some may see it as a stepping stone to exposing the truth about what is really happening in the Israeli occupied territories. Cyber breaches can be used for harm but also as a practical non-violent form of protest to send a message to the masses. In this case, it depends on how an individual views the incident in question and what side of the conflict they reside on.
