Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

Related posts

1. Pentest Tools Download
2. Hack Tools Online
3. Hacking Tools Windows 10
4. Pentest Tools For Android
5. How To Make Hacking Tools
6. Hack Tools Github
7. Pentest Tools Website Vulnerability
8. Ethical Hacker Tools
9. Hacking Tools Kit
10. Free Pentest Tools For Windows
11. Pentest Tools For Ubuntu
12. Tools Used For Hacking
13. Hack Tools
14. Pentest Tools Windows
15. Pentest Tools Website
16. Easy Hack Tools
17. Hacking Tools Name
18. Hack And Tools
19. Pentest Tools Linux
20. Hack Website Online Tool
21. Hacking Tools Online
22. World No 1 Hacker Software
23. Best Pentesting Tools 2018
24. Hacker Tools Linux
25. Hacking Tools Software
26. Hacking Tools Hardware
27. Pentest Recon Tools
28. What Are Hacking Tools
29. Beginner Hacker Tools
30. Hackrf Tools
31. Hacking Tools Name
32. Black Hat Hacker Tools
33. Hacking Tools For Windows
34. Hack Tools Download
35. Pentest Tools Nmap
36. Hack Tools For Ubuntu
37. Hacking Tools Pc
38. Pentest Tools For Android
39. Hacker Tools 2020
40. Hack Rom Tools
41. Nsa Hacker Tools
42. Hacking Tools For Pc
43. Hacker Tools Apk
44. Hacking Tools 2020
45. Github Hacking Tools
46. Hack Tools For Mac
47. Nsa Hacker Tools
48. Hacking Tools Windows 10
49. Hacker Tools 2019
50. Hack Tools Mac
51. Hacking Tools Hardware
52. Hacker Tools Apk Download
53. Best Hacking Tools 2019
54. Hack Tools
55. Pentest Tools Github
56. Pentest Tools Download
57. Pentest Tools Apk
58. Hacking Tools For Kali Linux
59. Pentest Recon Tools
60. Hacking Tools Pc
61. Physical Pentest Tools
62. Game Hacking
63. Hacker
64. Pentest Recon Tools
65. Pentest Tools For Mac
66. Hacker Tools For Mac
67. Hacking Tools Hardware
68. Hack Tools For Pc
69. New Hack Tools
70. Hacking Tools Windows
71. Hack Tools 2019
72. Tools For Hacker
73. Hacking Tools For Pc
74. Top Pentest Tools
75. Best Hacking Tools 2019
76. Usb Pentest Tools
77. Pentest Tools Free
78. Kik Hack Tools
79. Hacking Tools
80. Pentest Tools Android
81. Hacker Tools Online
82. Hacker Tools For Mac
83. Wifi Hacker Tools For Windows
84. Pentest Tools For Android
85. Hack Tools For Games
86. Hacker Tools For Mac
87. Pentest Tools
88. Pentest Tools
89. Pentest Tools Online
90. Hacker Tools Free Download
91. Hack Tool Apk No Root
92. Easy Hack Tools
93. Hacking Tools For Kali Linux
94. Hacker Tools List
95. Pentest Tools Android
96. Hacker Tools Online
97. Easy Hack Tools
98. Hacking Tools Usb
99. Hacker Tools For Ios
100. Pentest Tools For Ubuntu
101. Top Pentest Tools
102. Pentest Tools Bluekeep
103. Hacker Tools
104. Pentest Automation Tools
105. Hack Tools For Ubuntu
106. Hack Tools
107. Pentest Tools Download
108. Hacking Tools Windows
109. Pentest Tools Alternative
110. Hacker Tools Mac
111. Hacking Tools And Software
112. Hack Tools Pc
113. Pentest Tools Alternative
114. Usb Pentest Tools
115. Usb Pentest Tools
116. Hacker Tools Linux
117. Usb Pentest Tools
118. Pentest Tools For Android
119. Pentest Reporting Tools
120. Pentest Tools Nmap
121. Blackhat Hacker Tools
122. Hacker Tools
123. Hacking Tools 2019
124. Nsa Hacker Tools
125. Hacker Tools For Ios
126. Hack Apps
127. Hacking Tools For Windows
128. Tools For Hacker
129. Hacker Tools Hardware
130. Pentest Tools Windows
131. Hacker Tool Kit
132. Termux Hacking Tools 2019
133. Hacker
134. Hacking Tools Pc
135. How To Install Pentest Tools In Ubuntu
136. Hacker Tools Free Download
137. Pentest Tools For Mac
138. Hack Tools For Pc
139. Hack Tools For Games
140. Kik Hack Tools
141. Hacking Tools Online
142. Hack Tools Mac
143. Best Hacking Tools 2019
144. How To Make Hacking Tools
145. Growth Hacker Tools
146. Best Pentesting Tools 2018
147. Computer Hacker
148. Nsa Hack Tools