An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
More articles
- Tools Used For Hacking
- Hacker Tools For Mac
- Nsa Hack Tools
- Hacking Tools For Windows 7
- Underground Hacker Sites
- Nsa Hacker Tools
- Hacking Tools Windows 10
- What Are Hacking Tools
- Android Hack Tools Github
- Hacker Hardware Tools
- Hacking Tools For Windows Free Download
- Hacking Tools For Pc
- World No 1 Hacker Software
- Pentest Tools Website Vulnerability
- How To Install Pentest Tools In Ubuntu
- New Hack Tools
- Pentest Tools Port Scanner
- Hack Tools Pc
- Hacking Tools Hardware
- Hack Tool Apk No Root
- Pentest Tools Windows
- New Hacker Tools
- Pentest Tools For Windows
- Termux Hacking Tools 2019
- Hacker Tools Apk
- Growth Hacker Tools
- Hack Tools Download
- Hacker Security Tools
- Hacking Tools For Windows
- Hacking Tools 2019
- Hacking Tools Kit
- Hack Tools For Mac
- How To Make Hacking Tools
- Hack Tools Online
- Hacker Tools For Pc
- Hacking Tools For Games
- Hacking Tools For Pc
- Install Pentest Tools Ubuntu
- Hacker Tools 2019
- Pentest Tools For Windows
- Pentest Tools Windows
- Pentest Tools Find Subdomains
- Easy Hack Tools
- Hacking Tools For Mac
- Hack App
- Game Hacking
- Pentest Tools Framework
- Hack Website Online Tool
- Install Pentest Tools Ubuntu
- Hack Tools For Games
- Hacking Tools Free Download
- Hack And Tools
- Hacker Tools 2019
- Hacking App
- Tools For Hacker
- Hacker Tools Free Download
- Pentest Tools Port Scanner
- Hacking Tools For Beginners
- Hacking Apps
- Pentest Tools Review
- Pentest Tools Online
- Hacking Tools Github
- Hacking Tools
- Hacking Tools For Mac
- Pentest Tools Website Vulnerability
- Kik Hack Tools
- Pentest Tools
- Hack Tools Download
- Hacking Tools Windows
- Hack Tool Apk No Root
- Hacker Tool Kit
- Hack Tools For Pc
- Hacker Security Tools
- Hak5 Tools
- Hack Tools Github
- Hackrf Tools
- Hack Tools For Mac
- Pentest Tools Nmap
- Hacking Tools Usb
- Hacking Tools For Mac
- Hacker Tools Apk
- Hacking Tools For Windows 7
- Hack Tools Download
- Hack Tools For Games
- Pentest Recon Tools
- Pentest Tools Framework
- Tools 4 Hack
- Hacker Tools For Mac
- What Is Hacking Tools
- Hack Tools For Games
- Pentest Recon Tools
- Pentest Tools Linux
- Best Pentesting Tools 2018
- Kik Hack Tools
- Pentest Tools Open Source
- Hack Tools Mac
- Beginner Hacker Tools
- New Hacker Tools
- Tools 4 Hack
- Hacking Tools 2020
- Black Hat Hacker Tools
- Hacking Tools Download
- Hacker Techniques Tools And Incident Handling
- Hacking Tools Windows 10
- Hack Tools Mac
- Hack Tools 2019
- Kik Hack Tools
- Easy Hack Tools
- Hacker Tools Hardware
- Hackrf Tools
- Pentest Tools Url Fuzzer
- Nsa Hack Tools
- Hack Tools For Mac
- Hacker Tools 2019
- Black Hat Hacker Tools
- Hacker Tools For Pc
- Pentest Tools Nmap
- What Are Hacking Tools
- Free Pentest Tools For Windows
- Hack App
Ingen kommentarer:
Legg inn en kommentar