Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

Continue reading

1. Hacking Tools For Games
2. Pentest Tools Review
3. Hacker Tools List
4. Hacker Techniques Tools And Incident Handling
5. Android Hack Tools Github
6. Tools Used For Hacking
7. Nsa Hacker Tools
8. Hacker Tools For Ios
9. Hacking App
10. Pentest Tools Tcp Port Scanner
11. Hacker Tools For Pc
12. Hacking Tools Usb
13. Hacking Tools
14. Hacker Tools For Mac
15. Pentest Tools Github
16. Hacker Tool Kit
17. Pentest Reporting Tools
18. Hacking Tools Github
19. Tools 4 Hack
20. Hack Tools Download
21. Computer Hacker
22. Hack Tools Pc
23. Top Pentest Tools
24. Pentest Tools
25. Hack And Tools
26. Best Pentesting Tools 2018
27. Hack Rom Tools
28. Hack Tools
29. Pentest Tools For Mac
30. Physical Pentest Tools
31. World No 1 Hacker Software
32. Hack And Tools
33. Blackhat Hacker Tools
34. Hacker Tools For Ios
35. Hacker Hardware Tools
36. Pentest Tools Subdomain
37. Pentest Tools Free
38. Pentest Tools Tcp Port Scanner
39. Hack Tools For Mac
40. Hacking Tools And Software
41. Hacking Tools Hardware
42. Top Pentest Tools
43. Computer Hacker
44. Pentest Tools Android
45. Blackhat Hacker Tools
46. Computer Hacker
47. Hacker Tools For Windows
48. Ethical Hacker Tools
49. Best Hacking Tools 2020
50. Hack Tool Apk No Root
51. Hacker Tools For Pc
52. Hacker Techniques Tools And Incident Handling
53. Underground Hacker Sites
54. Hack Tools Online
55. How To Install Pentest Tools In Ubuntu
56. New Hacker Tools
57. Hacker Tools Apk
58. Hack Tools
59. Github Hacking Tools
60. Pentest Tools Android
61. Install Pentest Tools Ubuntu
62. Hacking Tools For Mac
63. Pentest Tools Website
64. Hacking Tools Kit
65. Hacking Tools Pc
66. Hacks And Tools
67. Pentest Tools Tcp Port Scanner
68. Hack Tools
69. Android Hack Tools Github
70. Pentest Automation Tools
71. Hacker Tools Online
72. Pentest Tools Port Scanner
73. Hacker Tools For Windows
74. Hacking Tools For Kali Linux
75. Pentest Tools Subdomain
76. Bluetooth Hacking Tools Kali
77. Hack Tools Online
78. Pentest Tools
79. Hacking Tools
80. How To Make Hacking Tools
81. Hacker Tool Kit
82. Pentest Tools For Ubuntu
83. Pentest Tools
84. Hacking Tools Hardware
85. Hacker Tool Kit
86. Hack Tool Apk
87. Pentest Tools Review
88. Pentest Tools For Mac
89. Pentest Tools Tcp Port Scanner
90. Pentest Tools List
91. How To Hack
92. Hacker Tools Hardware
93. New Hack Tools
94. Hack Tools For Pc
95. Hak5 Tools
96. Pentest Tools For Ubuntu
97. Hack Tools Pc
98. Hacking Tools Online
99. Hack Tools For Ubuntu
100. Pentest Tools Website
101. Tools 4 Hack
102. Hacking Tools Name
103. Hacker Tools Apk Download
104. How To Make Hacking Tools
105. Hacking Tools Free Download
106. Hacking Tools
107. Pentest Tools
108. Hacker Tools Linux
109. Hacker Tools For Mac
110. Pentest Tools Subdomain
111. Pentest Tools For Android
112. Hacking Tools For Windows Free Download
113. Hackers Toolbox
114. Hack Tools Pc
115. Hack Tools 2019
116. Best Hacking Tools 2020
117. Hacker Tools Software
118. Hacker Tool Kit
119. Best Hacking Tools 2019
120. Pentest Reporting Tools
121. Termux Hacking Tools 2019
122. Tools For Hacker
123. Tools For Hacker
124. Hacker Tools Online
125. Hacking Tools 2019
126. Tools Used For Hacking
127. Pentest Tools Linux
128. Pentest Tools Online
129. Hacker Tools For Mac
130. Tools For Hacker