Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

Related news

• Hacking Tools Github
• Pentest Tools Download
• Hack Tools
• Hacker Search Tools
• Hack Tools For Games
• Hacking Tools Pc
• Pentest Box Tools Download
• Pentest Tools Windows
• Pentest Tools Website
• Nsa Hack Tools
• Termux Hacking Tools 2019
• Best Hacking Tools 2020
• Pentest Tools Open Source
• Nsa Hack Tools Download
• Pentest Tools For Windows
• Hack Tools For Pc
• Hacking Tools For Mac
• Hacker Tools For Windows
• Hacker Tools Apk Download
• Pentest Tools Android
• Pentest Tools Kali Linux
• Tools Used For Hacking
• Pentest Automation Tools
• Pentest Tools Open Source
• Hacker Tools Free Download
• Underground Hacker Sites
• Hacking Tools For Beginners
• Hack Tools Online
• Hack Tools For Windows
• World No 1 Hacker Software
• Pentest Tools Subdomain
• Hacking App
• Hacking Tools Name
• Hack Tools Pc
• Pentest Reporting Tools
• Best Hacking Tools 2020
• Github Hacking Tools
• Hack Tools Mac
• Hacker Security Tools
• Hacker Tools Mac
• Best Pentesting Tools 2018
• Usb Pentest Tools
• Ethical Hacker Tools
• Kik Hack Tools
• Pentest Tools Port Scanner
• Hacker Tools Linux
• Pentest Tools Website
• Pentest Tools Bluekeep
• Hacker Tools Software
• Pentest Tools Framework
• Pentest Reporting Tools
• Hacking Tools For Beginners
• Pentest Tools Nmap
• Hacker Tools Github
• Bluetooth Hacking Tools Kali
• Hacking Tools Kit
• Hacking Tools For Pc
• Pentest Tools For Mac
• Hacking Tools Kit
• Hacker Tools Mac
• Hacking Tools For Windows
• Hack Tool Apk No Root
• Hacking Tools For Games
• Nsa Hack Tools
• Hacking Tools For Windows Free Download
• Hacking Tools And Software
• Hacking Tools Github
• Pentest Tools
• Black Hat Hacker Tools
• Pentest Tools For Mac
• Hacking Tools Github
• Hacker Tools For Windows
• Github Hacking Tools
• Hacker Tools 2020
• Hacker Tools
• Best Hacking Tools 2020
• Best Hacking Tools 2019
• Hacker Tools Mac
• How To Make Hacking Tools
• Hackers Toolbox
• Hacking Tools Download
• Hacking Tools Kit
• Hacking Tools Download
• Hack Tool Apk No Root
• Hacker Tools Windows
• Hacking Tools For Windows 7
• Hacking Tools For Pc
• Hack Tools Pc
• Hacking Tools For Beginners
• Hack Tools Github
• How To Hack
• Hacker Tools For Mac
• Pentest Tools Framework
• Hack Tools For Ubuntu
• Pentest Tools Apk
• Ethical Hacker Tools
• Hacker Hardware Tools
• Hacker Tools Online
• Hacking Apps
• Hak5 Tools
• Hacker Tools For Ios
• Hacker Tools Linux
• Hacking Tools Windows 10
• Hacking Tools For Games
• Hacker Tools Apk
• Pentest Reporting Tools
• Hack Website Online Tool
• Hacking Tools And Software
• Free Pentest Tools For Windows
• Hacking Tools Windows 10
• Hacker Tools For Mac
• Pentest Tools Free
• Hack Tools 2019
• Easy Hack Tools
• Github Hacking Tools
• Bluetooth Hacking Tools Kali
• Hacker Tools Windows
• Hacker Tools For Windows
• Hacker Tools For Windows
• Hackers Toolbox
• Best Hacking Tools 2020
• Hacker Tools Apk Download
• Hack Tools Github
• Hacking Tools Usb
• Pentest Tools Website Vulnerability
• Hacking Tools Online
• Pentest Tools Framework
• Hacks And Tools
• Best Pentesting Tools 2018

Tweet

Postingan terkait:

Ditulis ceo.rss — Kamis, 01 Juni 2023 — Add Comment