Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks
An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
Related articles- Hacking Tools Usb
- Pentest Tools Nmap
- Pentest Tools Url Fuzzer
- Hack Tool Apk No Root
- Hacking Tools Kit
- Hack Tools For Ubuntu
- Hackers Toolbox
- What Is Hacking Tools
- Black Hat Hacker Tools
- Pentest Tools Kali Linux
- Hack Apps
- Pentest Tools Online
- Hack And Tools
- Hack Website Online Tool
- Pentest Tools Android
- Hacker Tools Apk Download
- Usb Pentest Tools
- How To Hack
- Hack Apps
- Hack Tools 2019
- Hacking Tools For Beginners
- Hacker Tool Kit
- Pentest Tools For Windows
- Hack Tools For Ubuntu
- Pentest Tools Free
- Pentest Tools Nmap
- Hacking Tools Windows 10
- Pentest Tools Online
- Pentest Tools Bluekeep
- Hacking Apps
- World No 1 Hacker Software
- Hackrf Tools
- New Hacker Tools
- What Are Hacking Tools
- Hacking Tools For Games
- Computer Hacker
- Hacking Tools Download
- Hacker Tools For Ios
- Pentest Tools Apk
- Hacker Tools Free
- Pentest Tools Bluekeep
- Hacking Tools Online
- Hacker Tools Online
- Hacking Tools For Windows 7
- Pentest Tools Tcp Port Scanner
- Hacking Tools Hardware
- Pentest Tools Review
- Top Pentest Tools
- Hacker Tools List
- Best Pentesting Tools 2018
- Best Pentesting Tools 2018
- Hack Tools Download
- Hack Tools
- Tools Used For Hacking
- Hacking Tools Usb
- Hacking Tools Download
- Black Hat Hacker Tools
- Hacking Tools And Software
- Tools For Hacker
- Hacker Tools For Windows
- Bluetooth Hacking Tools Kali
- Computer Hacker
- Hacker Tools Free
- Hack Rom Tools
- Best Hacking Tools 2020
- Computer Hacker
- Game Hacking
- Easy Hack Tools
- Hacker Hardware Tools
- Underground Hacker Sites
- Hacker Tools
- Best Hacking Tools 2020
- Hacker Tools Hardware
- Hacker Search Tools
- Hacks And Tools
- Hack Tools 2019
- Pentest Reporting Tools
- Hacker Tools For Mac
- Hacking Tools For Windows Free Download
- Hacking Tools For Windows 7
- Bluetooth Hacking Tools Kali
- Pentest Tools Bluekeep
- How To Hack
- Hacking Tools For Pc
- Hacker
- Tools 4 Hack
- Hacker Security Tools
- Pentest Tools Find Subdomains
- New Hacker Tools
- Hacking Apps
- Hak5 Tools
- Hacking Tools Windows 10
- Hacking Tools Usb
- Hacking Tools Online
- Pentest Tools Bluekeep
- Hacker Tools Free Download
- Hacker Tools For Pc
- Hacking Tools Windows
- Pentest Tools For Android
- Hacking Tools Online
- Pentest Tools Open Source
- Hack Tools For Windows
- Hack Tools 2019
- Pentest Tools Framework
- Pentest Automation Tools
- New Hack Tools
- Pentest Tools Nmap
- Pentest Tools Find Subdomains
- Pentest Tools Android
- Pentest Tools Apk
- Hacking Tools Hardware
- Physical Pentest Tools
- How To Make Hacking Tools
- Underground Hacker Sites
- Hacking Tools 2020
- Hacker Tools List
- Hacking Tools Online
- Hack Tools
- Hacker Tools For Ios
- Hacker Tools
- Hacking Tools For Kali Linux
- Beginner Hacker Tools
- Hack Tools Online
0 Comments:
Post a Comment
<< Home