Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

Related posts

1. Hacking Tools For Beginners
2. Tools 4 Hack
3. Bluetooth Hacking Tools Kali
4. Growth Hacker Tools
5. Pentest Tools Find Subdomains
6. Free Pentest Tools For Windows
7. Hacker Tools Linux
8. Hacker Tools Github
9. Hackers Toolbox
10. Hacking Tools For Windows Free Download
11. Kik Hack Tools
12. Computer Hacker
13. Pentest Tools For Windows
14. Hacker Hardware Tools
15. Hacking Tools For Mac
16. Hacker Tools Github
17. Pentest Tools Port Scanner
18. Hacking Tools And Software
19. Tools Used For Hacking
20. Pentest Tools For Android
21. Free Pentest Tools For Windows
22. Pentest Tools Bluekeep
23. Pentest Tools Alternative
24. Best Pentesting Tools 2018
25. Hacking Tools Windows
26. Pentest Tools Port Scanner
27. Hacking Tools Github
28. Hacking App
29. Hacker Tools Windows
30. Hacker Tools 2019
31. Hacker Tools Windows
32. Hacker Tools Software
33. Hacking Tools Pc
34. What Is Hacking Tools
35. Hacker Tools Github
36. Hacking Tools For Kali Linux
37. Hack Tools Pc
38. Hacking Tools Software
39. Pentest Tools Apk
40. Hacking Tools Usb
41. Hacker Tools Apk
42. Pentest Tools Framework
43. Hacker Tools Apk Download
44. Underground Hacker Sites
45. Hack Tools Online
46. Pentest Tools Tcp Port Scanner
47. Hacking Tools For Windows 7
48. Hack Tools For Pc
49. Hacker Tools 2019
50. Hacking Tools Windows 10
51. Pentest Tools Online
52. Hacking Tools Github
53. Hacker Tools Apk
54. Pentest Tools Bluekeep
55. Game Hacking
56. Pentest Tools Free
57. Hacker Tools 2020
58. Hacker Tools 2019
59. Hack Tools Pc
60. Pentest Tools Bluekeep
61. Hacker Tools Github
62. Hacker Tools Software
63. Hacking Tools Free Download
64. Pentest Tools Framework
65. Nsa Hacker Tools
66. Pentest Box Tools Download
67. Hacker Tool Kit
68. Blackhat Hacker Tools
69. Easy Hack Tools
70. Hacking Tools For Windows
71. Pentest Tools Website Vulnerability
72. Hacking Tools For Pc
73. Hacking App
74. Pentest Tools Bluekeep
75. Tools 4 Hack
76. Hacking Tools Usb
77. Hack Website Online Tool
78. Hacker Tools Software
79. Pentest Tools Online
80. Hackers Toolbox
81. Hacker Tools Software
82. Bluetooth Hacking Tools Kali
83. Hack Tools For Ubuntu
84. Pentest Tools Windows
85. Hacker Tools Hardware
86. Tools For Hacker
87. Hack Tools
88. Pentest Tools Website
89. Hacking Tools For Mac
90. Hacking Tools Mac
91. Hacking Tools Download
92. How To Hack
93. Hacker
94. Hacking Tools Hardware
95. World No 1 Hacker Software
96. Hack Tools For Games
97. Hack Rom Tools
98. Pentest Tools
99. Pentest Tools Windows
100. Hacking Tools Online
101. Pentest Box Tools Download
102. Pentest Tools Review
103. Pentest Tools Kali Linux
104. Hacking Apps
105. Hack Apps
106. Hacker Tools For Pc
107. Hack Tools Download
108. Hacker Tool Kit
109. Hack Rom Tools
110. Pentest Tools Alternative
111. Hacker Techniques Tools And Incident Handling
112. Growth Hacker Tools
113. Nsa Hack Tools Download
114. Top Pentest Tools
115. Pentest Tools Alternative
116. Hacker Tools Apk
117. Nsa Hack Tools
118. Hacker
119. Pentest Recon Tools
120. Termux Hacking Tools 2019
121. Android Hack Tools Github
122. Nsa Hack Tools Download
123. Hacker Tools For Ios
124. Wifi Hacker Tools For Windows
125. Hacking Tools Mac
126. Hacking Tools Name
127. Hacking Tools For Mac
128. How To Make Hacking Tools
129. Hack And Tools
130. Hacking Tools 2020