Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

More information

1. Hacker Tools Hardware
2. Pentest Tools Windows
3. Hacking Tools For Games
4. Bluetooth Hacking Tools Kali
5. Hacker Tools For Ios
6. Hacker Tools Mac
7. New Hack Tools
8. Hacking Tools For Windows Free Download
9. Hak5 Tools
10. Pentest Tools Url Fuzzer
11. Pentest Tools Review
12. Pentest Recon Tools
13. Hack Tools For Ubuntu
14. Hack Rom Tools
15. Hacking Tools For Kali Linux
16. Hacking Tools Windows
17. Physical Pentest Tools
18. Pentest Tools Framework
19. Pentest Tools Framework
20. Pentest Automation Tools
21. Hack App
22. Pentest Tools
23. Pentest Tools Url Fuzzer
24. Hacker Tools Apk Download
25. Hacks And Tools
26. Hacker Security Tools
27. Pentest Tools
28. Hacker Tools
29. Underground Hacker Sites
30. Pentest Tools For Android
31. Pentest Tools Review
32. Pentest Tools Website Vulnerability
33. Black Hat Hacker Tools
34. Hacker Tools Apk Download
35. Best Pentesting Tools 2018
36. Computer Hacker
37. Hacking Tools For Games
38. Pentest Reporting Tools
39. Install Pentest Tools Ubuntu
40. Hacking Tools Download
41. Best Hacking Tools 2020
42. Game Hacking
43. Best Hacking Tools 2020
44. Hacker Tools Windows
45. Hack And Tools
46. Blackhat Hacker Tools
47. Hacking Tools For Beginners
48. Hacking Tools For Mac
49. Hacking Tools Pc
50. Hacking Tools
51. Pentest Recon Tools
52. Hack Tools For Ubuntu
53. Nsa Hack Tools
54. Hack Website Online Tool
55. Pentest Tools Review
56. Hacker Tools Mac
57. Android Hack Tools Github
58. Hacking Tools For Windows
59. Hack Tools Download
60. Hacking Apps
61. Hack Tools Pc
62. Hacking Tools Windows 10
63. What Is Hacking Tools
64. Hack Tools Mac
65. Best Hacking Tools 2019
66. Pentest Tools Free
67. Game Hacking
68. Hacker Tools Online
69. Free Pentest Tools For Windows
70. Nsa Hack Tools Download
71. Nsa Hack Tools Download
72. Hack App
73. Pentest Tools Open Source
74. Pentest Tools Review
75. New Hack Tools
76. Usb Pentest Tools
77. Hacker Tools Apk Download
78. Pentest Tools Online
79. Pentest Tools Url Fuzzer
80. Tools For Hacker
81. Hacking Apps
82. Hacker Tool Kit
83. Pentest Tools Download
84. How To Install Pentest Tools In Ubuntu
85. Hack And Tools
86. Hackrf Tools
87. Hacking Tools For Pc
88. Pentest Tools Port Scanner
89. Hacker Tools Windows
90. Pentest Tools Github
91. Hacker Tools For Windows
92. Tools 4 Hack
93. Pentest Tools Port Scanner
94. Pentest Tools Github
95. Hacking Tools Github
96. Hacking Tools Windows
97. Free Pentest Tools For Windows
98. Hack Tools Mac
99. Usb Pentest Tools
100. Hacking Tools 2020
101. Pentest Tools Nmap
102. Hack Tools Mac
103. Pentest Tools Review
104. Pentest Tools Apk
105. Hacking Tools And Software
106. Hacking Tools 2019
107. Black Hat Hacker Tools
108. Hack App
109. Termux Hacking Tools 2019
110. Hacking Tools Software
111. Pentest Tools For Windows
112. Hacking Tools Hardware
113. Pentest Tools
114. Physical Pentest Tools
115. Pentest Tools Open Source
116. Tools For Hacker
117. Physical Pentest Tools
118. Hacking Tools Pc
119. Pentest Tools For Mac
120. Computer Hacker
121. Underground Hacker Sites
122. Black Hat Hacker Tools
123. Hack Tools 2019
124. Hacking Apps
125. Hacker
126. Hack Tools For Mac
127. Hack Tools 2019
128. Pentest Automation Tools
129. Hacking Tools Kit
130. Hacker Tools Github
131. Pentest Tools Tcp Port Scanner
132. Best Hacking Tools 2019
133. Hak5 Tools
134. Best Hacking Tools 2019
135. Pentest Tools Windows
136. Hack Tools For Windows