Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 


An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.


Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

More info
  1. Pentest Tools Linux
  2. Pentest Tools Kali Linux
  3. Hacking Tools Windows
  4. Kik Hack Tools
  5. Hacker Search Tools
  6. Hacker Tools For Windows
  7. Pentest Tools Nmap
  8. Pentest Reporting Tools
  9. Hacking Tools Usb
  10. Hacker Tools Free
  11. Kik Hack Tools
  12. Hack And Tools
  13. Hacker Tools List
  14. Hacks And Tools
  15. Hacking Tools Windows
  16. Hacking Tools For Games
  17. Tools Used For Hacking
  18. Pentest Tools Open Source
  19. Hacker Tools For Pc
  20. Hack Tool Apk
  21. Hacking Tools Pc
  22. Tools For Hacker
  23. Pentest Tools Website Vulnerability
  24. Usb Pentest Tools
  25. Hacker Tools Software
  26. Hacker Tools Online
  27. Hack Tools
  28. Pentest Box Tools Download
  29. Hack Tool Apk No Root
  30. Hack Tools Pc
  31. Github Hacking Tools
  32. Hacker Tools List
  33. Pentest Tools
  34. Hack Tools Download
  35. Hacking Tools Software
  36. Easy Hack Tools
  37. Hack Rom Tools
  38. Pentest Tools List
  39. Black Hat Hacker Tools
  40. Hacking Tools For Games
  41. Pentest Tools Tcp Port Scanner
  42. Hack App
  43. Hacking Tools Free Download
  44. Pentest Tools Android
  45. Hack Tools For Windows
  46. Hack Tools For Mac
  47. Ethical Hacker Tools
  48. Hacker Search Tools
  49. Growth Hacker Tools
  50. Hack Tools Mac
  51. Hacker Tools Github
  52. Hack Apps
  53. Hacker Tools Online
  54. Pentest Tools For Mac
  55. Hack Tools Mac
  56. Pentest Tools Apk
  57. Pentest Tools Port Scanner
  58. Hack Tools For Windows
  59. Tools For Hacker
  60. Tools Used For Hacking
  61. Hacking Tools
  62. Black Hat Hacker Tools
  63. Android Hack Tools Github
  64. World No 1 Hacker Software
  65. Hacker Tools Software
  66. Hack App
  67. Hacker Tool Kit
  68. Pentest Tools List
  69. Pentest Tools Open Source
  70. Hacking Tools Windows
  71. Github Hacking Tools
  72. Pentest Tools Find Subdomains
  73. Hack Website Online Tool
  74. How To Hack
  75. Pentest Tools Github
  76. Hacker Tools Mac
  77. Termux Hacking Tools 2019
  78. Hacker Tools Apk
  79. Hacking Tools Online
  80. Growth Hacker Tools
  81. Hacking App
  82. Tools Used For Hacking
  83. Best Pentesting Tools 2018
  84. Bluetooth Hacking Tools Kali
  85. New Hack Tools
  86. Hack Tools
  87. Hacking App
  88. Hacking Tools Usb
  89. Termux Hacking Tools 2019
  90. Hacking Tools Usb
  91. Hack Tools
  92. Hacking Tools
  93. Hacker Hardware Tools
  94. Hack Tools For Mac
  95. Hacker Techniques Tools And Incident Handling
  96. Hack Tools For Pc
  97. How To Install Pentest Tools In Ubuntu
  98. Hacker Tools
  99. Hacker Tools Software
  100. Pentest Tools Download
  101. Hacker Tools List
  102. Hacking Tools Windows 10
  103. Hacker Tools Software
  104. Hacker Hardware Tools
  105. Pentest Tools Open Source
  106. Hacker Tools Free Download
  107. Physical Pentest Tools
  108. Hack Website Online Tool
  109. Hacker Tools Mac
  110. Hack App
  111. Wifi Hacker Tools For Windows
  112. Top Pentest Tools
  113. Hacker Security Tools
  114. Hack Apps
  115. Pentest Tools Bluekeep
  116. Hack Tools
Diposting oleh SEMPAT di 22.09

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)