An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
More articles
- Pentest Tools Subdomain
- Hacking Tools For Windows
- Hacker Tool Kit
- Hacking Tools Free Download
- Beginner Hacker Tools
- Pentest Recon Tools
- Android Hack Tools Github
- Hacking Tools Free Download
- Hacker Tools Free
- Pentest Tools List
- Hacker Hardware Tools
- Pentest Tools Review
- Hacking Tools Name
- Hacking Tools For Pc
- Underground Hacker Sites
- Game Hacking
- Ethical Hacker Tools
- Hack App
- Hack Tools
- Hacking Tools Free Download
- Hack Tools For Pc
- Game Hacking
- Pentest Box Tools Download
- Hak5 Tools
- Hacking Tools Windows
- Hacker Security Tools
- Github Hacking Tools
- Hacker Tools Free
- Hack Tools
- Hacker Tools For Windows
- Hacking Tools Software
- Hacking Tools For Games
- Hacking Tools Usb
- Pentest Tools List
- Hacker Tools
- Best Pentesting Tools 2018
- Hacker
- Hack Apps
- Hack Tools Mac
- Pentest Tools Bluekeep
- Hacks And Tools
- Pentest Tools Bluekeep
- Hacking Tools For Windows 7
- Hacking Tools For Windows Free Download
- Hack Tools Download
- Hacking Tools Github
- Nsa Hacker Tools
- Pentest Tools For Android
- Hack Website Online Tool
- Hacking Tools Download
- Hacking Tools Free Download
- Hacks And Tools
- Hack App
- Hacking Tools Online
- Hack Tools For Games
- Pentest Tools Github
- Ethical Hacker Tools
- Hack Rom Tools
- Hackrf Tools
- Underground Hacker Sites
- Hacker Tools For Windows
- Hacking Tools For Pc
- Hacker Tools 2020
- Hacking Tools Windows
- Hacking Tools 2019
- Pentest Tools List
- Pentest Tools
- Pentest Tools For Mac
- Hacker Tools Apk Download
- Pentest Tools Framework
- Hack Apps
- Hacker Tools 2020
- Pentest Recon Tools
- Beginner Hacker Tools
- Pentest Tools For Ubuntu
- Pentest Recon Tools
- Hack App
- What Are Hacking Tools
- New Hack Tools
- Hacker Tools Free
- Hacking Tools Software
- Hacker Tools Online
- Pentest Box Tools Download
- Hack Rom Tools
- Hacking Tools Free Download
- Hacker Tools Mac
- Underground Hacker Sites
- Hacking Tools Windows 10
- Hacking Tools Hardware
- Black Hat Hacker Tools
- Pentest Tools Review
- Hack Tools Online
- Hack Tools Github
- Hacking Tools And Software
- Hacking Tools Mac
- Hack And Tools
- What Is Hacking Tools
- Hack And Tools
- Hack Tools For Mac
- Hack Tools For Mac
- Pentest Tools Android
- Pentest Tools Github
- Top Pentest Tools
- Hacker
- Top Pentest Tools
- Hacker Tools Mac
- Pentest Tools Windows
- Hack Rom Tools
- Hacking Tools Mac
- How To Hack
- Pentest Tools For Ubuntu
- Hackrf Tools
- Pentest Tools For Ubuntu
- Hacking Tools Kit
- Nsa Hack Tools Download
- Easy Hack Tools
- Hacker Tools Apk
- Hacker Tools Mac
- Pentest Tools Github
- Hackrf Tools
- Hacking Tools
- Bluetooth Hacking Tools Kali
- How To Make Hacking Tools
- Hack Tools Github
- Pentest Tools Online
- Pentest Box Tools Download
- Hack Tools Mac
- Pentest Tools For Windows
- Pentest Tools Subdomain
- Free Pentest Tools For Windows
- Hacking Tools For Games
- Hacker Tools For Ios
- Tools For Hacker
- Pentest Tools Tcp Port Scanner
- Hacker Tools Mac
- Pentest Tools Nmap
- Hacker Tools Free Download
- Pentest Tools Free
- Hacking Tools Github
- Pentest Tools Tcp Port Scanner
- Hacker Tools Free
- Hacker Hardware Tools
- Nsa Hacker Tools
- Pentest Tools Url Fuzzer
- Usb Pentest Tools
No comments:
Post a Comment