Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

More articles

1. Hacker Tools For Ios
2. Pentest Recon Tools
3. Hack Tools Github
4. Hacking Tools 2019
5. Hacker Tools For Pc
6. Hacker Tools Online
7. Hacker Tools Apk
8. Tools Used For Hacking
9. Pentest Tools For Mac
10. Hacking Tools And Software
11. New Hack Tools
12. New Hacker Tools
13. Easy Hack Tools
14. Hacker Techniques Tools And Incident Handling
15. Pentest Tools Online
16. Pentest Tools Kali Linux
17. Hack Tools For Mac
18. Pentest Tools For Mac
19. Install Pentest Tools Ubuntu
20. Hacking Tools And Software
21. Hacker Tools
22. Hacking Tools 2019
23. Hacking Tools For Pc
24. Hacker Techniques Tools And Incident Handling
25. Hack Website Online Tool
26. Pentest Tools Website
27. Hacking Tools Windows
28. Blackhat Hacker Tools
29. Pentest Reporting Tools
30. Pentest Tools Apk
31. Pentest Tools Apk
32. How To Install Pentest Tools In Ubuntu
33. Hacking Tools Free Download
34. Hacking Tools Windows 10
35. How To Make Hacking Tools
36. Install Pentest Tools Ubuntu
37. Hacker Tools Apk Download
38. Hak5 Tools
39. Best Pentesting Tools 2018
40. Hacker Tools 2020
41. Hacking Tools And Software
42. Hacking Tools Software
43. Wifi Hacker Tools For Windows
44. Hacking App
45. Growth Hacker Tools
46. Pentest Tools Bluekeep
47. Pentest Tools Kali Linux
48. Underground Hacker Sites
49. Hack Tool Apk
50. Hacking Tools Pc
51. Pentest Tools Url Fuzzer
52. Hack Tools Pc
53. Hacker Tools For Pc
54. Hack Website Online Tool
55. Hacking Tools For Beginners
56. Pentest Tools
57. Hacker Tools For Windows
58. Hack Tools
59. Hack Rom Tools
60. Hacker
61. How To Make Hacking Tools
62. Nsa Hack Tools Download
63. How To Install Pentest Tools In Ubuntu
64. Hacking Tools Windows 10
65. Pentest Tools
66. Hacker Tools Apk Download
67. Hackrf Tools
68. How To Install Pentest Tools In Ubuntu
69. Hacking Tools For Windows
70. Hacking Tools Name
71. Hack Rom Tools
72. Tools For Hacker
73. Github Hacking Tools
74. Hack Tool Apk No Root
75. Pentest Tools Website Vulnerability
76. Hacker Tools Free
77. Hacking Apps
78. Blackhat Hacker Tools
79. Hack Tool Apk
80. Hack Tools Github
81. Computer Hacker
82. Hackrf Tools
83. Hack Website Online Tool
84. Tools Used For Hacking
85. Kik Hack Tools
86. Pentest Tools Website Vulnerability
87. Hacker Tools Online
88. Game Hacking
89. What Are Hacking Tools
90. Hack Tools 2019
91. Hacking Tools For Beginners
92. Termux Hacking Tools 2019
93. Hacking Tools Hardware
94. Nsa Hack Tools Download
95. Best Pentesting Tools 2018
96. Hacker Tools Github
97. Tools Used For Hacking
98. Pentest Automation Tools
99. Hacker Tools For Pc
100. Physical Pentest Tools
101. Hack Tools
102. Hacker Search Tools
103. Hack Website Online Tool
104. What Is Hacking Tools
105. Pentest Tools Website
106. Pentest Tools Apk
107. Hacker Tools Github
108. Wifi Hacker Tools For Windows
109. World No 1 Hacker Software
110. Hack Tools Mac
111. Hacker Tools Mac
112. Hacking Apps
113. Hacks And Tools
114. Pentest Tools Framework
115. Hack Tools
116. Hacker Techniques Tools And Incident Handling
117. Hacking Tools Github
118. Wifi Hacker Tools For Windows
119. Tools Used For Hacking
120. Hack App
121. Pentest Recon Tools
122. Pentest Tools List