Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

More articles

1. Pentest Tools List
2. Hack App
3. Underground Hacker Sites
4. Computer Hacker
5. Game Hacking
6. New Hack Tools
7. Hack Tools
8. Black Hat Hacker Tools
9. Hack Tools For Pc
10. How To Hack
11. Best Hacking Tools 2020
12. Hacking Tools Pc
13. Pentest Tools List
14. Hacking Tools For Windows Free Download
15. Pentest Automation Tools
16. Pentest Tools List
17. Hacker Tools Online
18. Best Hacking Tools 2020
19. Hack Tools Mac
20. Hack Tools For Pc
21. Hacker Tools Free Download
22. Hacker Tools List
23. Hack Tools
24. Hacker Search Tools
25. How To Make Hacking Tools
26. Usb Pentest Tools
27. Hack Tools Online
28. Hacker Tools Apk
29. Pentest Tools Apk
30. Hacking Tools 2020
31. Best Hacking Tools 2020
32. How To Make Hacking Tools
33. Hacker Tools For Ios
34. Physical Pentest Tools
35. Hacker Tools For Mac
36. Hacker Tools Linux
37. Hacker Tools Free
38. Pentest Tools Port Scanner
39. Computer Hacker
40. Hacking Tools For Windows Free Download
41. Hackers Toolbox
42. Hacker Tool Kit
43. Hacker Tools Free
44. Pentest Tools Tcp Port Scanner
45. Pentest Tools Github
46. Pentest Automation Tools
47. Nsa Hacker Tools
48. Hacking Tools Free Download
49. Hacking Tools Usb
50. Hacking Tools Kit
51. Pentest Tools Review
52. Pentest Tools Apk
53. Hack Tools
54. Hacker Hardware Tools
55. Hack Tools 2019
56. Pentest Tools Port Scanner
57. Hack Tools
58. Black Hat Hacker Tools
59. Hacking Tools Windows
60. Hack Apps
61. Pentest Tools Android
62. Hacking Tools For Windows Free Download
63. Growth Hacker Tools
64. Hacker Tools For Windows
65. Pentest Tools Find Subdomains
66. Tools For Hacker
67. Pentest Tools Nmap
68. Hack Tools For Pc
69. Pentest Tools Free
70. Pentest Tools Github
71. Top Pentest Tools
72. Hacker Tools For Ios
73. Pentest Tools Tcp Port Scanner
74. World No 1 Hacker Software
75. Tools For Hacker
76. Hacking Tools Free Download
77. Pentest Tools Nmap
78. Hacker Techniques Tools And Incident Handling
79. Github Hacking Tools
80. World No 1 Hacker Software
81. Hack Tools Github
82. Pentest Tools Review
83. Pentest Tools Kali Linux
84. Pentest Tools For Android
85. Hacking Tools For Mac
86. Hacker Tools For Windows
87. Underground Hacker Sites
88. Pentest Tools Url Fuzzer
89. Hack Tool Apk No Root
90. Hacker Tools For Pc
91. Hacking Tools Software
92. Pentest Reporting Tools
93. Hack Website Online Tool
94. Hacker Techniques Tools And Incident Handling
95. Pentest Tools Website
96. Hacker Tools For Windows
97. Hacker Search Tools
98. Hack Tools For Windows
99. Hack Website Online Tool
100. Hacker Security Tools
101. Nsa Hack Tools Download
102. Top Pentest Tools
103. Pentest Tools Kali Linux
104. Beginner Hacker Tools
105. Nsa Hack Tools Download
106. Hacking Tools Windows 10
107. Tools For Hacker
108. What Are Hacking Tools
109. Hackers Toolbox
110. Hacker Tool Kit
111. Nsa Hack Tools Download
112. Hacker Techniques Tools And Incident Handling
113. Computer Hacker