Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

Continue reading

1. Beginner Hacker Tools
2. Android Hack Tools Github
3. Hacking Tools Download
4. Hacking App
5. Tools 4 Hack
6. Pentest Tools Website Vulnerability
7. Pentest Tools For Android
8. Hack Tool Apk No Root
9. Pentest Tools Alternative
10. Android Hack Tools Github
11. Hacker Tools List
12. Hacker Hardware Tools
13. Hacking Tools Free Download
14. Hacking Tools And Software
15. Pentest Tools Framework
16. Hacker Tools Github
17. Hacker Tools List
18. Pentest Tools Open Source
19. Pentest Tools
20. Hack Tool Apk
21. Hack Tools Online
22. Hacking Tools Kit
23. Hacking Tools Download
24. Hacking Tools Name
25. Pentest Tools
26. Tools For Hacker
27. Hack Tools For Mac
28. Pentest Tools Review
29. Tools 4 Hack
30. Pentest Tools For Android
31. Pentest Tools Download
32. Hacking Tools Windows 10
33. Pentest Tools Online
34. Hacker Tool Kit
35. Hacker Tools For Ios
36. Pentest Tools Github
37. Hacker Tools For Mac
38. Hack Tools For Mac
39. Hacker Tools Free Download
40. Pentest Box Tools Download
41. Easy Hack Tools
42. Pentest Box Tools Download
43. Hacker Search Tools
44. Hak5 Tools
45. Hack Tools Pc
46. Hacker Tools Mac
47. Growth Hacker Tools
48. Pentest Tools For Android
49. Best Hacking Tools 2020
50. World No 1 Hacker Software
51. Pentest Tools Tcp Port Scanner
52. Pentest Tools For Android
53. Black Hat Hacker Tools
54. Hacker Tools For Windows
55. Ethical Hacker Tools
56. Best Hacking Tools 2019
57. Hack Tools Mac
58. Hacker Tool Kit
59. Pentest Tools Website Vulnerability
60. Nsa Hack Tools
61. How To Make Hacking Tools
62. Pentest Recon Tools
63. Hacking Tools Mac
64. Hack Tools 2019
65. Best Hacking Tools 2019
66. Hacker Tools Hardware
67. Black Hat Hacker Tools
68. Hacker Tools Apk
69. Hack Tool Apk
70. Hacking Tools For Beginners
71. Hacking Tools Online
72. Pentest Tools Website Vulnerability
73. What Is Hacking Tools
74. Tools For Hacker
75. Hacking Tools For Pc
76. Blackhat Hacker Tools
77. Hack Website Online Tool
78. Hack Rom Tools
79. Hacking Tools
80. Hackrf Tools
81. Underground Hacker Sites
82. Pentest Box Tools Download
83. Pentest Tools Framework
84. Bluetooth Hacking Tools Kali
85. World No 1 Hacker Software
86. Hacking Tools For Mac
87. Pentest Tools Url Fuzzer
88. Hacking Tools Download
89. Hacking Tools Windows 10
90. Hacking Tools Kit
91. Pentest Tools Url Fuzzer
92. Hacking App
93. Hacking Tools For Mac
94. Termux Hacking Tools 2019
95. Hacker
96. Hacking Tools For Windows 7
97. Hack Tools
98. Pentest Tools Download
99. Hacking App
100. Pentest Tools Download
101. Hack Tools Mac
102. Pentest Tools Review
103. Hack Tool Apk
104. Pentest Tools Tcp Port Scanner
105. Pentest Automation Tools
106. Easy Hack Tools
107. Hacking Apps
108. Hacker Tools Free
109. Hacking Tools For Mac
110. Hacker Tools For Mac
111. Hacks And Tools
112. Pentest Tools For Android
113. Free Pentest Tools For Windows
114. Hack Tools
115. Best Hacking Tools 2020
116. Pentest Tools Bluekeep
117. Hack Rom Tools
118. Easy Hack Tools
119. New Hack Tools
120. Hack Tools For Windows
121. Pentest Tools Linux
122. Pentest Tools Tcp Port Scanner
123. Hacker Tools 2019
124. Hacker Tools Free
125. Hacking Apps
126. Best Pentesting Tools 2018
127. What Are Hacking Tools
128. Pentest Tools
129. Pentest Tools Open Source