An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
Related articles
- Wifi Hacker Tools For Windows
- Hack Tool Apk No Root
- Hacker Security Tools
- Hacking Tools For Beginners
- Pentest Tools Website Vulnerability
- Best Pentesting Tools 2018
- How To Install Pentest Tools In Ubuntu
- Underground Hacker Sites
- Hacking Tools And Software
- Hacker Tools Free Download
- Pentest Tools Apk
- Hack And Tools
- Hacker Tools Windows
- Nsa Hacker Tools
- Hacker Security Tools
- Hack App
- Top Pentest Tools
- Hacker Tools Mac
- How To Hack
- Pentest Box Tools Download
- Hacking App
- What Are Hacking Tools
- Hacker Tools
- Install Pentest Tools Ubuntu
- Hacking Tools Free Download
- Physical Pentest Tools
- Hacker Tools Windows
- Pentest Tools Android
- Pentest Recon Tools
- Underground Hacker Sites
- Hack App
- Hacker
- Pentest Tools Apk
- Game Hacking
- Hacking Tools For Beginners
- Best Hacking Tools 2019
- Pentest Recon Tools
- Pentest Tools Kali Linux
- Pentest Tools For Windows
- Pentest Tools Download
- Pentest Tools For Ubuntu
- Pentest Tools For Windows
- Hacking Tools Online
- Hacker Tools Apk
- Hacking Tools Download
- Pentest Tools For Android
- Physical Pentest Tools
- Hacking Tools 2019
- Android Hack Tools Github
- How To Hack
- Hacker Tools For Mac
- Ethical Hacker Tools
- What Is Hacking Tools
- Hack App
- Hack Tools
- Hacking Tools Github
- Hacker Tools Windows
- Pentest Tools Nmap
- Best Pentesting Tools 2018
- Pentest Tools Website Vulnerability
- Pentest Tools Android
- Hack Tools 2019
- Hacking Tools Hardware
- Hacking Tools For Windows 7
- Hack Tools Mac
- Hack App
- Hack Tools For Windows
- Termux Hacking Tools 2019
- New Hack Tools
- Hacker Tools 2020
- Hack Tools 2019
- Hacking Tools Kit
- Hack Apps
- Install Pentest Tools Ubuntu
- Hack Tools For Games
- Hack Tools
- Hacker Tools Github
- Pentest Automation Tools
- Black Hat Hacker Tools
- Blackhat Hacker Tools
- Pentest Reporting Tools
- Best Hacking Tools 2019
- Top Pentest Tools
- Hacking Apps
- Nsa Hack Tools
- Hacking Tools Kit
- Hacking Tools For Games
- Pentest Tools Alternative
- Growth Hacker Tools
- Hacker Tools 2019
- How To Hack
- Ethical Hacker Tools
- Hack Tools 2019
- Pentest Tools Apk
- Hack Tools
- Pentest Recon Tools
- Nsa Hack Tools
- Hack Tools For Pc
- Hacking Tools For Windows
- Hacking Tools Software
- Ethical Hacker Tools
- What Are Hacking Tools
- Hack Tools 2019
- Pentest Tools Port Scanner
- Best Pentesting Tools 2018
- Hack App
- Usb Pentest Tools
- Hack Tools Download
- Hacker Tools Apk
- Hack Tool Apk
- Best Hacking Tools 2020
- Hacker Hardware Tools
- Pentest Tools
- Hacks And Tools
- Best Hacking Tools 2020
- Usb Pentest Tools
- Hacking Tools Software
- Pentest Tools Find Subdomains
- Nsa Hack Tools
- What Are Hacking Tools
- What Is Hacking Tools
- Pentest Recon Tools
- Free Pentest Tools For Windows
- Hack Tools For Windows
- Free Pentest Tools For Windows
- Pentest Tools Apk
- Hacking Tools Free Download
- How To Make Hacking Tools
- Pentest Tools For Windows
- Hacking Tools 2020
- Hackrf Tools
- Pentest Tools Linux
- Bluetooth Hacking Tools Kali
- Hacker Tools
- Hacker Tools For Ios
- Hacker Tools Apk Download
- Hacking App
- Black Hat Hacker Tools
- Ethical Hacker Tools
- Pentest Tools Linux
- Hacking Apps
- Hack Tools Mac
- Tools 4 Hack
- Tools 4 Hack
- Hacker Tools 2019
- Hacker Tools Github
Posts
No comments:
Post a Comment