MosesStaff  (Back to overview)

aka: DEV-0500, Marigold Sandstorm, Moses Staff

Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation appears to be to harm Israeli companies by leaking sensitive, stolen data.

Associated Families

2023-10-16Kaspersky LabsGReAT
A hack in hand is worth two in the bush
StrifeWater RAT Cyber Av3ngers
2023-01-26SecureworksSecureWorks' Counter Threat Unit Research Team
Abraham's Ax Likely Linked to Moses Staff
StrifeWater RAT
2022-02-15FortinetRotem Sde-Or
Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months
StrifeWater RAT MosesStaff
2022-02-01CybereasonTom Fakterman
StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations
StrifeWater RAT MosesStaff
2021-11-15Check Point ResearchCheck Point Research
Uncovering MosesStaff techniques: Ideology over Money
DCSrv MosesStaff
2021-10-19Twitter (@campuscodi)Catalin Cimpanu
Tweet on Moses Staff

Credits: MISP Project