Moses Staff
Aliases: DEV-0500, Marigold Sandstorm
Moses Staff is a suspected Iranian threat group that has primarily targeted Israeli companies since at least September 2021. Moses Staff openly stated their motivation in attacking Israeli companies is to cause damage by leaking stolen sensitive data and encrypting the victim's networks without a ransom demand. Security researchers assess Moses Staff is politically motivated, and has targeted government, finance, travel, energy, manufacturing, and utility companies outside of Israel as well, including those in Italy, India, Germany, Chile, Turkey, the UAE, and the US.
ATT&CK techniques
T1021.002: SMB/Windows Admin Shares
T1016: System Network Configuration Discovery
T1087.001: Local Account
T1082: System Information Discovery
T1562.004: Disable or Modify System Firewall
T1588.002: Tool
T1505.003: Web Shell
T1587.001: Malware
T1553.002: Code Signing
T1027.013: Encrypted/Encoded File
T1105: Ingress Tool Transfer
T1190: Exploit Public-Facing Application