Thursday, January 25, 2024

Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 


An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.


Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

Related news
  1. Pentest Box Tools Download
  2. Hacking Tools For Games
  3. Pentest Tools Apk
  4. Hack App
  5. Pentest Tools Framework
  6. Pentest Tools Kali Linux
  7. Hacking Tools For Beginners
  8. Hacker Tools 2019
  9. Hacking Tools For Windows
  10. Best Hacking Tools 2019
  11. Hacker Tools For Windows
  12. Hacking Tools 2019
  13. Pentest Tools For Ubuntu
  14. Hacking Tools Github
  15. Hacking Tools For Windows Free Download
  16. Hacking Tools Software
  17. Hackers Toolbox
  18. Hacking Tools Kit
  19. Hack Website Online Tool
  20. Hacking Tools 2020
  21. Hacking Tools For Windows
  22. Pentest Tools Free
  23. Hak5 Tools
  24. Hacking Tools Name
  25. Hacking Tools Windows 10
  26. Hack Tool Apk No Root
  27. Hacking Apps
  28. Hacker Hardware Tools
  29. Pentest Tools Find Subdomains
  30. Hack Tools For Pc
  31. Pentest Tools Framework
  32. Pentest Tools Online
  33. Hacking Tools For Windows 7
  34. Hack Tools For Windows
  35. Hacker Tools For Mac
  36. Hacker Tools Linux
  37. Nsa Hack Tools Download
  38. Nsa Hack Tools Download
  39. Hacking Tools 2019
  40. Hacking Tools Download
  41. Pentest Tools Url Fuzzer
  42. Hacking Apps
  43. Pentest Tools Website
  44. Hacker Tools 2020
  45. World No 1 Hacker Software
  46. Hacking Tools
  47. Hacking Tools For Beginners
  48. Pentest Tools For Windows
  49. Pentest Tools For Android
  50. Pentest Tools Online
  51. Github Hacking Tools
  52. Pentest Tools Framework
  53. Ethical Hacker Tools
  54. Hacker Tools Apk Download
  55. Best Hacking Tools 2020
  56. Hacker Tools Linux
  57. Hackers Toolbox
  58. Hacking Tools Software
  59. Hacker Tools Linux
  60. Pentest Tools Website
  61. Hacker Tools Free Download
  62. Hack Website Online Tool
  63. Pentest Tools For Android
  64. Pentest Tools Tcp Port Scanner
  65. Hacker Tools Windows
  66. Hacker Tools Apk Download
  67. Hak5 Tools
  68. How To Install Pentest Tools In Ubuntu
  69. Hacker Tools List
  70. Hacking Tools For Beginners
  71. Pentest Automation Tools
  72. Hack Tool Apk No Root
  73. Pentest Tools Alternative
  74. Easy Hack Tools
  75. Hacking Tools And Software
  76. Termux Hacking Tools 2019
  77. Hacker Tools
  78. Pentest Tools Nmap
  79. Blackhat Hacker Tools
  80. Hack Tools For Mac
  81. Hak5 Tools
  82. Bluetooth Hacking Tools Kali
  83. Hack Website Online Tool
  84. Hacker Security Tools
  85. Hacker Hardware Tools
  86. Pentest Tools Linux
  87. Bluetooth Hacking Tools Kali
  88. Hacker Tools Hardware
  89. Hacking Tools For Windows
  90. Hacking Tools Usb
  91. Pentest Tools Review
  92. Easy Hack Tools
  93. Hacking Tools Hardware
  94. Hacker Tools Mac
  95. Hack Website Online Tool
  96. Pentest Tools For Ubuntu
  97. Hacker Tools Windows
  98. Hack Tools Download
  99. Hacks And Tools
  100. Hacking Tools For Mac
  101. Hacking Tools For Beginners
  102. Pentest Tools Tcp Port Scanner
  103. Install Pentest Tools Ubuntu
  104. Hacker Security Tools
  105. Physical Pentest Tools
  106. Pentest Tools Linux
  107. Hack Tools
  108. Hak5 Tools
  109. Hack Tools Mac
  110. Growth Hacker Tools
  111. Hacking Tools And Software
  112. Hacker Tools For Ios
  113. Hacker Tools For Windows
  114. Pentest Tools Review
  115. Hacker Techniques Tools And Incident Handling
  116. Hacker Tools
  117. Hacker Tools List
  118. Install Pentest Tools Ubuntu
  119. Beginner Hacker Tools
  120. Pentest Tools Bluekeep
  121. Hacking Tools Windows 10
  122. Hacking Tools For Mac
  123. Pentest Tools Website Vulnerability
  124. Hacking Tools Pc
  125. Pentest Tools Free
  126. Hacker Techniques Tools And Incident Handling
  127. Pentest Tools Alternative
  128. Hacking Tools Software
  129. Hacking Tools For Mac
  130. Hackers Toolbox
  131. Pentest Tools Android
  132. Hacking Tools For Windows 7
  133. Hacking Tools For Windows Free Download
  134. Hacker Tools Hardware
  135. Hacks And Tools
  136. Hack Tools 2019
  137. Pentest Tools Url Fuzzer
  138. Tools For Hacker
  139. Hacker Tools List
  140. Hacker Security Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)