Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorus, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
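The evasion described in the quote leaves a telemetry footprint of its own: whatever process hosts the engine has to load System.Management.Automation.dll (or its native-image copy, System.Management.Automation.ni.dll). The following detection script is an added example, not part of the original article and not Cybereason's tooling. It scans Sysmon Event ID 7 (image loaded) records for processes that load the engine DLL but are not a known PowerShell host. The JSON-lines input shape, the sample events and the `UpdateService.exe` binary in them are constructed for the example; it assumes Sysmon has been configured to log ImageLoad events for the engine DLL, which the default configuration does not do.

```python
"""Flag the PowerShell engine being hosted outside powershell.exe / pwsh.exe.

Constructed example: input is JSON lines in the shape a log shipper such as
Winlogbeat emits for Sysmon events.  Every path and event below is invented.
"""
import json
import ntpath

# Processes expected to host the engine.  Tune to your estate: sqlps.exe,
# ServerManager.exe and some monitoring agents legitimately load it as well.
KNOWN_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

# The engine is System.Management.Automation.dll; the NGEN'd copy in the
# native-image cache is System.Management.Automation.ni.dll.  Match on prefix.
ENGINE_PREFIX = "system.management.automation"

GAC_ENGINE = (r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation"
              r"\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll")

# Constructed sample log (not real telemetry): a normal powershell.exe load,
# a pwsh.exe load, an unrelated DLL load by a third-party binary, that same
# hypothetical binary loading the engine (the pattern to flag), and a
# process-creation event that the scan must ignore.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"EventID": 7, "UtcTime": "2022-02-01 10:14:03.112", "ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": GAC_ENGINE},
    {"EventID": 7, "UtcTime": "2022-02-01 10:15:41.009", "ProcessId": 5588,
     "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "ImageLoaded": r"C:\Program Files\PowerShell\7\System.Management.Automation.dll"},
    {"EventID": 7, "UtcTime": "2022-02-01 10:16:02.551", "ProcessId": 6012,
     "Image": r"C:\Users\Public\Updater\UpdateService.exe",
     "ImageLoaded": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll"},
    {"EventID": 7, "UtcTime": "2022-02-01 10:16:02.874", "ProcessId": 6012,
     "Image": r"C:\Users\Public\Updater\UpdateService.exe",
     "ImageLoaded": GAC_ENGINE},
    {"EventID": 1, "UtcTime": "2022-02-01 10:16:03.000", "ProcessId": 6013,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
])


def is_engine_dll(path):
    """True for System.Management.Automation.dll and its .ni.dll native image."""
    return ntpath.basename(path).lower().startswith(ENGINE_PREFIX)


def parse_events(text):
    """Parse JSON-lines Sysmon records, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def find_unexpected_hosts(events, known_hosts=KNOWN_HOSTS):
    """One finding per (pid, image) that loads the engine outside a known host."""
    findings = {}
    for ev in events:
        if ev.get("EventID") != 7:          # only image-load events matter here
            continue
        image = ev.get("Image", "")
        loaded = ev.get("ImageLoaded", "")
        if not is_engine_dll(loaded):
            continue
        if ntpath.basename(image).lower() in known_hosts:
            continue
        key = (ev.get("ProcessId"), image)
        findings.setdefault(key, {"pid": key[0], "image": image,
                                  "dll": loaded, "time": ev.get("UtcTime")})
    return list(findings.values())


if __name__ == "__main__":
    for f in find_unexpected_hosts(parse_events(SAMPLE_EVENTS)):
        print(f"{f['time']} pid={f['pid']} {f['image']} loaded {f['dll']}")
```

The allowlist is the weak point: a known host name can be spoofed by renaming, so corroborate hits with the Windows PowerShell engine lifecycle events (IDs 400 and 403), whose HostName and HostApplication fields identify the hosting application from the engine's own point of view, and with script block logging (ID 4104), which is implemented inside the engine and therefore still fires for a hosted runspace as long as the engine being loaded is version 5 or later and the policy is enabled.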

The threat actor, which has been active since at least 2017, has been behind a series of campaigns in recent years, including ones in which it posed as journalists and scholars to deceive targets into installing malware and steal classified information from them.

Earlier this month, Check Point Research disclosed details of an espionage operation in which the hacking group exploited the Log4Shell vulnerability in Log4j (CVE-2021-44228) to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitute an entirely new toolset centred on the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer as the backdoor are a number of other malware artifacts, including an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021. Memento's operators took the unusual step of locking files inside password-protected archives, then encrypting the archive password and deleting the original files, after endpoint protection had blocked their attempts to encrypt the files directly.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
