An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
Related news
- Hacker Tools Mac
- What Are Hacking Tools
- Pentest Tools Linux
- Hack Tools Github
- Hacking Tools Pc
- Nsa Hacker Tools
- Beginner Hacker Tools
- How To Install Pentest Tools In Ubuntu
- Hacker Tools For Pc
- Blackhat Hacker Tools
- Hacking Tools For Mac
- Nsa Hack Tools
- New Hacker Tools
- Hacker Tools Windows
- Hacker Hardware Tools
- Best Pentesting Tools 2018
- Hacking Tools 2019
- Tools 4 Hack
- Pentest Tools Open Source
- Underground Hacker Sites
- Pentest Tools Github
- Hack Website Online Tool
- Hacker Tools Online
- Hack Tools Online
- Hacking Tools Hardware
- Hacking Tools Name
- Hack Tools Online
- Hacking Tools Name
- Hacking Tools Windows 10
- Pentest Reporting Tools
- What Are Hacking Tools
- Hacking Tools For Pc
- How To Install Pentest Tools In Ubuntu
- Hacker Tools For Mac
- Hack Tools For Mac
- Pentest Tools Website Vulnerability
- Hacker Tools
- Hacking Tools Usb
- Hacker Tools
- Hacking Tools For Beginners
- Pentest Tools Website Vulnerability
- Pentest Tools For Mac
- Hacker Tools Free Download
- Ethical Hacker Tools
- Underground Hacker Sites
- Hacker Tools For Pc
- Wifi Hacker Tools For Windows
- Hack Tools For Mac
- Beginner Hacker Tools
- Pentest Tools Github
- Pentest Tools Android
- Pentest Tools Nmap
- Hacker Tools Apk Download
- Pentest Tools Android
- Pentest Tools Nmap
- Hacking Tools Windows
- Hacking Tools For Pc
- Hacker Tools Github
- Termux Hacking Tools 2019
- Hack Rom Tools
- Hacker Tool Kit
- Kik Hack Tools
- Pentest Tools For Windows
- Hack Tools 2019
- Hacking Tools Windows 10
- Pentest Tools Alternative
- Pentest Tools
- Growth Hacker Tools
- Hack Tools For Pc
- Hacker Tools For Mac
- Hack Tools For Ubuntu
- Pentest Tools Open Source
- Nsa Hack Tools
- Ethical Hacker Tools
- Android Hack Tools Github
- Kik Hack Tools
- Hacking Tools For Windows
- Hacker Tools Apk Download
- Hack Tools
- Hacker Tools 2019
- Pentest Tools Windows
- Hacking Tools For Games
- Nsa Hack Tools Download
- Pentest Tools List
- Usb Pentest Tools
- Hacking Tools Free Download
- Hacking Tools Name
- Pentest Tools Bluekeep
- How To Hack
- Hack Tools Github
- Best Hacking Tools 2020
- What Are Hacking Tools
- Hack Tool Apk
- Hacker Tools 2019
- Wifi Hacker Tools For Windows
- Underground Hacker Sites
- Hack Tools 2019
- Hacking Tools For Beginners
- Hack Tools For Games
- Pentest Tools Find Subdomains
- Physical Pentest Tools
- Hacker Tools For Windows
- Pentest Tools Github
- Hacker Tools 2020
- Hacking Tools Software
- Hacker Tools Mac
- Free Pentest Tools For Windows
- Hacker Tools Free
- Ethical Hacker Tools
- Hacker Tools Free
- Top Pentest Tools
- Hacking Tools Kit
- Hack Apps
- Growth Hacker Tools
- Hackers Toolbox
- Nsa Hack Tools Download
- Hacking Tools Software
- Pentest Tools Apk
- Termux Hacking Tools 2019
- What Is Hacking Tools
- Top Pentest Tools
- Top Pentest Tools
- Hacking Tools For Windows
- Pentest Tools Website Vulnerability
- Hacking Tools For Windows
- Tools 4 Hack
- Hack Tools For Pc
- Hacker Tools
- Physical Pentest Tools
- Pentest Tools For Android
- Pentest Tools Find Subdomains
- Hacking Apps
- Hacking Tools 2020
- Hacking Tools For Beginners
- Hacker Tools For Mac
- Pentest Tools For Ubuntu
- Hak5 Tools
- Hacker Tools Github
- Hack Tools For Games
- Hacker Tools Apk
- Pentest Tools Android
- Hack Tools
- Hacker Tools Linux
- Black Hat Hacker Tools
- Nsa Hack Tools
- Pentest Tools For Mac
- Hacker Tools Free
- Hacking Tools Windows 10
- Hacker Tools Online
- Pentest Tools Port Scanner
- Hacker Security Tools
- Top Pentest Tools
- Game Hacking
No comments:
Post a Comment