Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

Continue reading

1. Hacker Tools
2. Hacker Tools Hardware
3. Pentest Tools Open Source
4. Pentest Tools Url Fuzzer
5. Hack Tools Github
6. Hack Apps
7. What Are Hacking Tools
8. Pentest Tools Port Scanner
9. Usb Pentest Tools
10. Pentest Tools Website Vulnerability
11. Hacking Tools For Games
12. Pentest Box Tools Download
13. Hack Tools For Mac
14. Kik Hack Tools
15. Hack Tools
16. Best Hacking Tools 2020
17. Hack Tools
18. Ethical Hacker Tools
19. Hacking Tools 2020
20. Pentest Box Tools Download
21. Underground Hacker Sites
22. Hacker Tools Linux
23. Best Hacking Tools 2019
24. Hacker
25. Black Hat Hacker Tools
26. Hacking Tools And Software
27. Hacking Tools Online
28. Pentest Tools Online
29. Pentest Recon Tools
30. Hacker Tools Free Download
31. Hacking Tools Usb
32. Hacking Tools Usb
33. Hack Tools Online
34. What Is Hacking Tools
35. Hacking Tools And Software
36. Hacking Tools Kit
37. Nsa Hack Tools Download
38. Hacking Tools
39. Tools 4 Hack
40. Hacking Tools Windows
41. Hacker Search Tools
42. Hack Tool Apk
43. Pentest Tools Framework
44. Pentest Tools Bluekeep
45. Kik Hack Tools
46. Hacking Tools Hardware
47. How To Hack
48. Github Hacking Tools
49. Hacking Tools For Windows
50. Hacker Tools 2019
51. Hacker Tools Free
52. Hack Tools 2019
53. Pentest Tools For Android
54. Pentest Recon Tools
55. Android Hack Tools Github
56. Hacker Hardware Tools
57. Pentest Tools Nmap
58. Pentest Tools Android
59. Hacking Tools For Games
60. Hack Tools For Games
61. Install Pentest Tools Ubuntu
62. Hacking Tools Pc
63. Pentest Tools Find Subdomains
64. What Is Hacking Tools
65. Pentest Tools Apk
66. Hacker Tools Hardware
67. Hacking Tools Mac
68. Pentest Reporting Tools
69. Hacker Tools Mac
70. Hacking Tools Windows 10
71. Hack Tools Download
72. Hacker
73. Wifi Hacker Tools For Windows
74. Hacking App
75. Nsa Hack Tools
76. Hacker Tool Kit
77. Hacks And Tools
78. Pentest Tools Url Fuzzer
79. Pentest Tools Tcp Port Scanner
80. New Hacker Tools
81. Hacking Tools Online
82. Hacking Tools Usb
83. Pentest Tools Website Vulnerability
84. Pentest Tools Nmap
85. Hacker Tools Apk Download
86. Pentest Tools Online
87. Hack Tools Github
88. Pentest Tools Subdomain
89. Hack App
90. Pentest Tools Website Vulnerability
91. Hack Tool Apk No Root
92. Pentest Tools Free
93. New Hack Tools
94. Hacking Tools For Mac
95. Pentest Tools
96. Hack Tools Github
97. Hacking Tools Free Download
98. Pentest Tools Linux
99. Hack Tools Pc
100. Pentest Tools For Ubuntu
101. Hacking Tools And Software
102. Hak5 Tools
103. Hak5 Tools
104. Pentest Tools For Android
105. Nsa Hacker Tools
106. Hacker Tools Software
107. Hacker Techniques Tools And Incident Handling
108. Hacker Tools 2019
109. Hacking Tools 2019
110. Pentest Tools Download
111. Easy Hack Tools
112. Underground Hacker Sites
113. Hacking Tools
114. Install Pentest Tools Ubuntu
115. Pentest Tools Apk
116. World No 1 Hacker Software
117. Beginner Hacker Tools
118. Hack Tool Apk
119. Pentest Reporting Tools
120. Hacking Tools 2020
121. Hacker Tools Apk
122. Hacker Tools Online
123. Tools For Hacker
124. Pentest Tools Website
125. Hak5 Tools
126. Pentest Tools List
127. Hacker Techniques Tools And Incident Handling
128. Underground Hacker Sites
129. Kik Hack Tools
130. Beginner Hacker Tools
131. Hack Tools For Pc
132. Hacking Tools For Pc
133. Hacking Tools And Software
134. Hacking Tools Download
135. Hacking Tools Windows 10