Israeli Entities Targeted by the New Politically-motivated “Moses Staff” Hacking Group

Moses Staff, a new cybercrime organization, has recently taken credit for multiple attacks targeting Israeli companies, which appear to be politically motivated since no ransom requests are made.

In the last few months, cybercriminals have frequently impacted Israeli companies by infiltrating systems, encrypting files, and then making the stolen information public.

Yesterday, Check Point security specialists issued a comprehensive report on Moses Staff, delving into the gangs’ methods, infection chain, and toolkit.

As explained by BleepingComputer, the newly formed political hacker group seems to be employing publicly available exploits for known security issues that remain unfixed on public-facing infrastructure.

How Does It Work?

After breaching the enterprise servers and gaining initial access, the hackers will employ PsExec, WMIC, and Powershell to move laterally through the network, avoiding the usage of backdoors.

The hacker finally encrypts machines with a custom PyDCrypt virus that uses DiskCryptor, a free and open-source full disk encryption system for Microsoft Windows that allows for the encryption of a PC’s entire hard drive or individual partitions. This tool is available on GitHub.


According to CheckPoint researchers, the encrypted files can be recovered under certain conditions because the encryption strategy encrypts devices using symmetric key generation.

Read More: