Cyber Threat Actor: Moses Staff
| Actor Type | Location | Known Incidents |
Spy
|
Iran
|
1 incident |
|---|
Profile
Moses Staff isan Iranian hacking group known by that alias. The group has been observed targeting Israeli closed‑circuit television cameras. Their operations include gaining prolonged control over devices located near sensitive sites. Specific targets mentioned in public reports are a Rafael defense contractor factory in Haifa, an arms facility, and cameras in Jerusalem and Tel Aviv. The attackers also captured footage of a terror attack aftermath in Jerusalem. Moses Staff used a Telegram channel to distribute the previously unseen video material. The group claimed that it had been conducting surveillance of Israel for years and intended to strike unexpectedly. Security authorities acknowledged awareness of the intrusions but stated they did not intervene because the compromised cameras were civilian and not linked to critical security infrastructure.
Despite that statement, investigators noted that the monitored feeds included views of senior Israeli officials. The intrusion method involved exploiting vulnerabilities in the CCTV systems to obtain persistent access. No specific malware families or custom tools were described in the available sources. The activity is publicly attributed to an Iranian‑based actor, with the location noted as Iran. The 2021‑2022 campaign represents the most detailed public example of Moses Staff’s operational pattern. By publishing the footage, the group sought to demonstrate its access and to signal its capability to monitor strategic locations. The incident prompted discussion about the security of civilian surveillance networks in conflict zones. No additional public operations beyond the described CCTV compromise have been attributed to Moses Staff.
