Saturday, 3 June 2023

Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 


An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
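Added example, not from the article or from Cybereason: the evasion described above (PowerShell hosted inside a .NET process, so no powershell.exe is ever spawned) is visible in image-load telemetry, because any process that hosts the engine still has to load System.Management.Automation.dll. This Python detection runs over constructed Sysmon Event ID 7 records in a flattened key/value form and flags engine loads by hosts outside a small allowlist; the log shape, the sample paths and the allowlist are assumptions to tune for your environment.

```python
import ntpath

# Constructed Sysmon Event ID 7 (ImageLoad) records, flattened the way a SIEM
# might forward them. Sample values only; not telemetry from the report.
SAMPLE_EVENTS = [
    {"EventID": 7,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\System.Management.Automation.dll"},
    {"EventID": 7,
     "Image": r"C:\Users\alice\AppData\Roaming\Updater\Updater.exe",   # constructed .NET host
     "ImageLoaded": r"C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management.Automation.ni.dll"},
    {"EventID": 7,
     "Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll"},
    {"EventID": 7,
     "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "ImageLoaded": r"C:\Program Files\PowerShell\7\System.Management.Automation.dll"},
    {"EventID": 1,   # process creation, no ImageLoaded field; must be ignored
     "Image": r"C:\Users\alice\AppData\Roaming\Updater\Updater.exe"},
]

# The managed engine assembly and its native-image (NGEN) form.
POWERSHELL_ENGINE_DLLS = {"system.management.automation.dll",
                          "system.management.automation.ni.dll"}

# Hosts expected to load the engine. Assumption: extend with any management
# tooling in your estate that legitimately embeds PowerShell, or it will alert.
KNOWN_POWERSHELL_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}


def loads_powershell_engine(event):
    """True for an image-load event whose loaded module is the PowerShell engine."""
    if event.get("EventID") != 7:
        return False
    loaded = ntpath.basename(event.get("ImageLoaded", "")).lower()
    return loaded in POWERSHELL_ENGINE_DLLS


def is_unhosted_powershell(event):
    """True when the engine is loaded by a process that is not a known PowerShell host."""
    if not loads_powershell_engine(event):
        return False
    host = ntpath.basename(event.get("Image", "")).lower()
    return host not in KNOWN_POWERSHELL_HOSTS


def find_unhosted_powershell(events):
    """Return the image paths of every non-standard process that loaded the engine."""
    return [e["Image"] for e in events if is_unhosted_powershell(e)]


if __name__ == "__main__":
    for image in find_unhosted_powershell(SAMPLE_EVENTS):
        print("ALERT: PowerShell engine loaded by non-standard host:", image)
```

The same logic maps onto Event ID 7 from any Sysmon deployment; the remaining work is curating the host allowlist so that legitimate embedded-PowerShell tooling does not page you.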

The threat actor, which has been active since at least 2017, has been behind a series of campaigns in recent years, including ones in which the adversary posed as journalists and scholars to deceive targets into installing malware and to steal classified information.


Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitute an entirely new toolset built around the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer as the backdoor are a number of other malware artifacts, including an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021. Memento took the unusual step of locking files inside password-protected archives, then encrypting the password and deleting the original files, after attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
