Sunday, June 4, 2023

Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 


An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorus, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which has been active since at least 2017, has been behind a series of campaigns in recent years, including those in which the adversary posed as journalists and scholars to deceive targets into installing malware and to steal classified information.


Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitute an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, including an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
