Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

More articles

1. Pentest Tools Subdomain
2. Hacking Tools For Windows
3. Hacker Tool Kit
4. Hacking Tools Free Download
5. Beginner Hacker Tools
6. Pentest Recon Tools
7. Android Hack Tools Github
8. Hacking Tools Free Download
9. Hacker Tools Free
10. Pentest Tools List
11. Hacker Hardware Tools
12. Pentest Tools Review
13. Hacking Tools Name
14. Hacking Tools For Pc
15. Underground Hacker Sites
16. Game Hacking
17. Ethical Hacker Tools
18. Hack App
19. Hack Tools
20. Hacking Tools Free Download
21. Hack Tools For Pc
22. Game Hacking
23. Pentest Box Tools Download
24. Hak5 Tools
25. Hacking Tools Windows
26. Hacker Security Tools
27. Github Hacking Tools
28. Hacker Tools Free
29. Hack Tools
30. Hacker Tools For Windows
31. Hacking Tools Software
32. Hacking Tools For Games
33. Hacking Tools Usb
34. Pentest Tools List
35. Hacker Tools
36. Best Pentesting Tools 2018
37. Hacker
38. Hack Apps
39. Hack Tools Mac
40. Pentest Tools Bluekeep
41. Hacks And Tools
42. Pentest Tools Bluekeep
43. Hacking Tools For Windows 7
44. Hacking Tools For Windows Free Download
45. Hack Tools Download
46. Hacking Tools Github
47. Nsa Hacker Tools
48. Pentest Tools For Android
49. Hack Website Online Tool
50. Hacking Tools Download
51. Hacking Tools Free Download
52. Hacks And Tools
53. Hack App
54. Hacking Tools Online
55. Hack Tools For Games
56. Pentest Tools Github
57. Ethical Hacker Tools
58. Hack Rom Tools
59. Hackrf Tools
60. Underground Hacker Sites
61. Hacker Tools For Windows
62. Hacking Tools For Pc
63. Hacker Tools 2020
64. Hacking Tools Windows
65. Hacking Tools 2019
66. Pentest Tools List
67. Pentest Tools
68. Pentest Tools For Mac
69. Hacker Tools Apk Download
70. Pentest Tools Framework
71. Hack Apps
72. Hacker Tools 2020
73. Pentest Recon Tools
74. Beginner Hacker Tools
75. Pentest Tools For Ubuntu
76. Pentest Recon Tools
77. Hack App
78. What Are Hacking Tools
79. New Hack Tools
80. Hacker Tools Free
81. Hacking Tools Software
82. Hacker Tools Online
83. Pentest Box Tools Download
84. Hack Rom Tools
85. Hacking Tools Free Download
86. Hacker Tools Mac
87. Underground Hacker Sites
88. Hacking Tools Windows 10
89. Hacking Tools Hardware
90. Black Hat Hacker Tools
91. Pentest Tools Review
92. Hack Tools Online
93. Hack Tools Github
94. Hacking Tools And Software
95. Hacking Tools Mac
96. Hack And Tools
97. What Is Hacking Tools
98. Hack And Tools
99. Hack Tools For Mac
100. Hack Tools For Mac
101. Pentest Tools Android
102. Pentest Tools Github
103. Top Pentest Tools
104. Hacker
105. Top Pentest Tools
106. Hacker Tools Mac
107. Pentest Tools Windows
108. Hack Rom Tools
109. Hacking Tools Mac
110. How To Hack
111. Pentest Tools For Ubuntu
112. Hackrf Tools
113. Pentest Tools For Ubuntu
114. Hacking Tools Kit
115. Nsa Hack Tools Download
116. Easy Hack Tools
117. Hacker Tools Apk
118. Hacker Tools Mac
119. Pentest Tools Github
120. Hackrf Tools
121. Hacking Tools
122. Bluetooth Hacking Tools Kali
123. How To Make Hacking Tools
124. Hack Tools Github
125. Pentest Tools Online
126. Pentest Box Tools Download
127. Hack Tools Mac
128. Pentest Tools For Windows
129. Pentest Tools Subdomain
130. Free Pentest Tools For Windows
131. Hacking Tools For Games
132. Hacker Tools For Ios
133. Tools For Hacker
134. Pentest Tools Tcp Port Scanner
135. Hacker Tools Mac
136. Pentest Tools Nmap
137. Hacker Tools Free Download
138. Pentest Tools Free
139. Hacking Tools Github
140. Pentest Tools Tcp Port Scanner
141. Hacker Tools Free
142. Hacker Hardware Tools
143. Nsa Hacker Tools
144. Pentest Tools Url Fuzzer
145. Usb Pentest Tools