The threat actor known as Cobalt Sapling was spotted targeting Saudi Arabia by creating a new sub-group dubbed Abraham’s Ax. Researchers also found a connection between Moses Staff and Abraham’s Ax. Both rely on the same custom cryptographic wiper malware for encrypting the victim’s data. To stay protected, experts recommend organizations audit the access controls by leveraging the available IOCs.