Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

Related articles

1. Hacking Tools Usb
2. Pentest Tools Nmap
3. Pentest Tools Url Fuzzer
4. Hack Tool Apk No Root
5. Hacking Tools Kit
6. Hack Tools For Ubuntu
7. Hackers Toolbox
8. What Is Hacking Tools
9. Black Hat Hacker Tools
10. Pentest Tools Kali Linux
11. Hack Apps
12. Pentest Tools Online
13. Hack And Tools
14. Hack Website Online Tool
15. Pentest Tools Android
16. Hacker Tools Apk Download
17. Usb Pentest Tools
18. How To Hack
19. Hack Apps
20. Hack Tools 2019
21. Hacking Tools For Beginners
22. Hacker Tool Kit
23. Pentest Tools For Windows
24. Hack Tools For Ubuntu
25. Pentest Tools Free
26. Pentest Tools Nmap
27. Hacking Tools Windows 10
28. Pentest Tools Online
29. Pentest Tools Bluekeep
30. Hacking Apps
31. World No 1 Hacker Software
32. Hackrf Tools
33. New Hacker Tools
34. What Are Hacking Tools
35. Hacking Tools For Games
36. Computer Hacker
37. Hacking Tools Download
38. Hacker Tools For Ios
39. Pentest Tools Apk
40. Hacker Tools Free
41. Pentest Tools Bluekeep
42. Hacking Tools Online
43. Hacker Tools Online
44. Hacking Tools For Windows 7
45. Pentest Tools Tcp Port Scanner
46. Hacking Tools Hardware
47. Pentest Tools Review
48. Top Pentest Tools
49. Hacker Tools List
50. Best Pentesting Tools 2018
51. Best Pentesting Tools 2018
52. Hack Tools Download
53. Hack Tools
54. Tools Used For Hacking
55. Hacking Tools Usb
56. Hacking Tools Download
57. Black Hat Hacker Tools
58. Hacking Tools And Software
59. Tools For Hacker
60. Hacker Tools For Windows
61. Bluetooth Hacking Tools Kali
62. Computer Hacker
63. Hacker Tools Free
64. Hack Rom Tools
65. Best Hacking Tools 2020
66. Computer Hacker
67. Game Hacking
68. Easy Hack Tools
69. Hacker Hardware Tools
70. Underground Hacker Sites
71. Hacker Tools
72. Best Hacking Tools 2020
73. Hacker Tools Hardware
74. Hacker Search Tools
75. Hacks And Tools
76. Hack Tools 2019
77. Pentest Reporting Tools
78. Hacker Tools For Mac
79. Hacking Tools For Windows Free Download
80. Hacking Tools For Windows 7
81. Bluetooth Hacking Tools Kali
82. Pentest Tools Bluekeep
83. How To Hack
84. Hacking Tools For Pc
85. Hacker
86. Tools 4 Hack
87. Hacker Security Tools
88. Pentest Tools Find Subdomains
89. New Hacker Tools
90. Hacking Apps
91. Hak5 Tools
92. Hacking Tools Windows 10
93. Hacking Tools Usb
94. Hacking Tools Online
95. Pentest Tools Bluekeep
96. Hacker Tools Free Download
97. Hacker Tools For Pc
98. Hacking Tools Windows
99. Pentest Tools For Android
100. Hacking Tools Online
101. Pentest Tools Open Source
102. Hack Tools For Windows
103. Hack Tools 2019
104. Pentest Tools Framework
105. Pentest Automation Tools
106. New Hack Tools
107. Pentest Tools Nmap
108. Pentest Tools Find Subdomains
109. Pentest Tools Android
110. Pentest Tools Apk
111. Hacking Tools Hardware
112. Physical Pentest Tools
113. How To Make Hacking Tools
114. Underground Hacker Sites
115. Hacking Tools 2020
116. Hacker Tools List
117. Hacking Tools Online
118. Hack Tools
119. Hacker Tools For Ios
120. Hacker Tools
121. Hacking Tools For Kali Linux
122. Beginner Hacker Tools
123. Hack Tools Online