MosesStaff is a threat actor attributed to IR, also known as Cobalt Sapling, White Dev 95, DEV-0500. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does MosesStaff exploit?

MosesStaff is known to exploit 2 CVEs. View the full list on the Strobes VI threat actor profile page.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

MosesStaff

Also known as: Cobalt Sapling, White Dev 95, DEV-0500, Vengeful Kitten, Moses Staff, G1009, Marigold Sandstorm, Abraham's Ax, VENGEFUL KITTEN

IRSabotage and destruction

Exploited CVEs

Overview

Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation appears to be to harm Israeli companies by leaking sensitive, stolen data.

Exploited Vulnerabilities

CVE ID	Action
CVE-2014-7169	View Details