Nemo Wagging Tail

Wednesday, 31 May 2023

Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 


An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorus, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

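The evasion described above suggests a detection pivot: hunt for the PowerShell engine assembly being loaded rather than for `powershell.exe` being launched. The following is an added example, not code from Cybereason or the original article. It assumes Sysmon ImageLoad (Event ID 7) telemetry is collected; the sample events, the host allow-list and the trusted directories are constructed for illustration.

```python
import ntpath

# The PowerShell engine lives in this assembly (IL and native-image forms).
PS_ENGINE_DLLS = {"system.management.automation.dll",
                  "system.management.automation.ni.dll"}
# Assumption: hosts expected to load the engine, and where they normally live.
KNOWN_HOSTS = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}
TRUSTED_DIRS = ("c:\\windows\\system32\\windowspowershell\\",
                "c:\\windows\\syswow64\\windowspowershell\\",
                "c:\\program files\\powershell\\")

# Constructed Sysmon Event ID 7 records (field names as Sysmon emits them);
# every path and process name here is made up for the example.
SMA = r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation"
SAMPLE_EVENTS = [
    {"EventID": 7,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": SMA + r"\System.Management.Automation.dll"},
    {"EventID": 7,
     "Image": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "ImageLoaded": SMA + r"\System.Management.Automation.dll"},
    {"EventID": 7,
     "Image": r"C:\Program Files\Example\report.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 7,
     "Image": r"C:\Users\Public\powershell.exe",  # right name, wrong place
     "ImageLoaded": SMA + r"\System.Management.Automation.ni.dll"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ImageLoaded": ""},
]

def unexpected_powershell_hosts(events):
    """Return images that loaded the PowerShell engine but are not a
    known host running from a trusted directory."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 7:
            continue  # only image-load events are relevant
        loaded = ntpath.basename(ev.get("ImageLoaded", "")).lower()
        if loaded not in PS_ENGINE_DLLS:
            continue
        image = ntpath.normcase(ev.get("Image", ""))
        trusted = (ntpath.basename(image) in KNOWN_HOSTS
                   and image.startswith(TRUSTED_DIRS))
        if not trusted:
            findings.append(ev["Image"])
    return findings

if __name__ == "__main__":
    for image in unexpected_powershell_hosts(SAMPLE_EVENTS):
        print("PowerShell engine loaded by unexpected host:", image)
```

Legitimate management software also hosts the PowerShell engine, so the allow-list needs tuning per environment before alerting on it.
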
The threat actor, which has been active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.


Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitute an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, including an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
