THREATOPS Actor Dossier
LIVE ← Dashboard

Moses Staff

G10090 reports
aliases · Moses Staff · DEV-0500 · Marigold Sandstorm
Export dossier:
0
Reports
0
Techniques
0
Tactics
0
Countries
n/a
Hunt coverage
3
Aliases

Analyst assessment — key judgments

  • No recorded activity: 0 report(s) in last 30d vs 0 prior (+0%).
  • Assessment confidence: n/a.

Activity & trend

InactiveLast 30d: 0 vs 0 prior (+0%)
0
7d
0
30d
0
90d
0
All
0.0
Rpts/wk
Reporting timeline · 12 months

Overview

Analyst triage
Intelligence summary

Moses Staff is a suspected Iranian threat group that has primarily targeted Israeli companies since at least September 2021. Moses Staff openly stated their motivation in attacking Israeli companies is to cause damage by leaking stolen sensitive data and encrypting the victim's networks without a ransom demand.(Citation: Checkpoint MosesStaff Nov 2021)

Security researchers assess Moses Staff is politically motivated, and has targeted government, finance, travel, energy, manufacturing, and utility companies outside of Israel as well, including those in Italy, India, Germany, Chile, Turkey, the UAE, and the US.(Citation: Cybereason StrifeWater Feb 2022)

Top co-occurring indicators
    Aliases & naming
      Targeting · countries
        Targeting · named victims

          ATT&CK technique matrix

          Coverage vs hunt library:
          Hunt-coverage gaps — prioritized

            Top techniques by observation
            • No ATT&CK techniques associated yet.

            Threat catalogue · engineering roadmap0

            Flagged detection-engineering queue

            Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.

              No techniques queued yet — flag a gap above to add it here.

              Infrastructure

              IOC type mix
              Tooling / malware families
                Tracked infrastructure

                Relationships

                Related actors (behavioral cluster)
                  Attributed malware
                  Campaigns
                  No behavioral cluster, attributed malware, or campaigns recorded for this actor yet.

                  Activity

                  30-day mention timeline
                  Recent reporting
                  TitleSourceSeverityCollected