Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

Related word

1. World No 1 Hacker Software
2. Nsa Hacker Tools
3. Free Pentest Tools For Windows
4. Nsa Hacker Tools
5. Hacker Tools For Mac
6. Pentest Tools Alternative
7. Hacker Hardware Tools
8. Hacking App
9. Pentest Tools For Mac
10. Hack Tool Apk No Root
11. Nsa Hack Tools Download
12. Pentest Tools List
13. Github Hacking Tools
14. How To Install Pentest Tools In Ubuntu
15. Hacker Tools Apk Download
16. Hacks And Tools
17. Hack Tools Github
18. Hacking Tools Download
19. Hack Tools For Ubuntu
20. Hacking Tools
21. Hack Tools 2019
22. Hack Tools For Pc
23. How To Install Pentest Tools In Ubuntu
24. Best Pentesting Tools 2018
25. Pentest Tools Url Fuzzer
26. Hack Tools Mac
27. Nsa Hack Tools
28. Hacking Tools Name
29. How To Make Hacking Tools
30. Hacker Tools Apk Download
31. Hack Tools
32. Ethical Hacker Tools
33. Pentest Tools Online
34. Hacker Tools List
35. Pentest Tools Subdomain
36. Hacking Tools For Pc
37. Hack Tools For Ubuntu
38. Pentest Tools Download
39. Pentest Tools Online
40. Hack Tools For Windows
41. Hacker Tools Hardware
42. Usb Pentest Tools
43. Pentest Tools Alternative
44. Best Hacking Tools 2019
45. Pentest Reporting Tools
46. Hacker Security Tools
47. Hack Tools
48. Pentest Tools Website Vulnerability
49. Android Hack Tools Github
50. Hacking Tools Usb
51. Best Hacking Tools 2019
52. Hacker
53. Best Pentesting Tools 2018
54. Android Hack Tools Github
55. Hacking App
56. Hacker Tool Kit
57. Hacker Tools Apk
58. Hacks And Tools
59. Hacking Tools Download
60. Pentest Tools For Ubuntu
61. Hacking Tools For Beginners
62. Best Pentesting Tools 2018
63. Pentest Tools List
64. Hacking Tools Hardware
65. Pentest Tools Online
66. Pentest Tools List
67. Pentest Tools Find Subdomains
68. Hacking Tools For Beginners
69. Pentest Tools Kali Linux
70. Hacker Tools Mac
71. Hacker Tools Windows
72. Hacker Security Tools
73. Pentest Tools Linux
74. Hacker Tools For Mac
75. Pentest Tools For Mac
76. Top Pentest Tools
77. Hacker Hardware Tools
78. Hack Tools Online
79. Pentest Tools List
80. Blackhat Hacker Tools
81. Hack Tool Apk No Root
82. Hacking Tools 2019
83. Pentest Tools Open Source
84. Pentest Tools Find Subdomains
85. Termux Hacking Tools 2019
86. Black Hat Hacker Tools
87. Hacker Tools For Windows
88. Growth Hacker Tools
89. Hacking Tools For Windows Free Download
90. Hacking Tools Online
91. Hack Tools For Mac
92. Pentest Tools Tcp Port Scanner
93. Pentest Tools Nmap
94. Hackers Toolbox
95. Hackrf Tools
96. Tools 4 Hack
97. Pentest Tools Android
98. Best Hacking Tools 2019
99. Pentest Reporting Tools
100. Pentest Tools Bluekeep
101. Hacks And Tools
102. Hacks And Tools
103. World No 1 Hacker Software
104. Hacker Tools Hardware
105. Github Hacking Tools
106. Hacking Apps
107. How To Install Pentest Tools In Ubuntu
108. Tools Used For Hacking
109. Pentest Tools Apk
110. Pentest Tools Download
111. Blackhat Hacker Tools
112. Hack Tools 2019
113. Hacker Tools Windows
114. What Is Hacking Tools
115. Hacker Tools Software
116. Hacking Tools Free Download
117. What Is Hacking Tools
118. Hacking Tools 2020
119. Hackrf Tools
120. Game Hacking
121. Hacking Tools Usb
122. Hacker Techniques Tools And Incident Handling
123. Pentest Tools Kali Linux
124. Hacking App
125. Pentest Tools Find Subdomains