Saturday, June 3, 2023

Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorus, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
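The evasion described in the quote relies on never spawning powershell.exe, but an in-process engine still leaves two traces that a defender can check: the Windows PowerShell log's engine-start event (ID 400) records the hosting process in its HostApplication field, and Sysmon's image-load event (ID 7) shows System.Management.Automation.dll being mapped into that process. The following detection logic over constructed sample records is an added example, not code from Cybereason or the original article; the event field layout, the channel names, the KNOWN_HOSTS allowlist and all paths are assumptions to tune for a real estate.

```python
import re
from pathlib import PureWindowsPath

# Images that legitimately host the PowerShell engine (assumption: tune per estate).
KNOWN_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
# The engine assembly every .NET host must load, native-image variant included.
AUTOMATION_DLLS = {"system.management.automation.dll",
                   "system.management.automation.ni.dll"}
HOSTAPP_RE = re.compile(r"HostApplication=(?P<path>[^\r\n]+)")

def host_exe(host_application: str) -> str:
    """Basename of the host image from a HostApplication value (the host's
    command line), stopping at the first '.exe' so arguments are ignored."""
    m = re.match(r'\s*"?(.*?\.exe)', host_application, re.IGNORECASE)
    if not m:
        return host_application.strip().lower()
    return PureWindowsPath(m.group(1)).name.lower()

def suspicious_hosts(events):
    """Return (signal, image) pairs where the engine ran outside a known host."""
    hits = []
    for ev in events:
        if ev["channel"] == "Windows PowerShell" and ev["event_id"] == 400:
            # Engine start: the message records the process that created the runspace.
            m = HOSTAPP_RE.search(ev["message"])
            if m and (exe := host_exe(m["path"])) not in KNOWN_HOSTS:
                hits.append(("engine-start", exe))
        elif ev["channel"] == "Sysmon" and ev["event_id"] == 7:
            # Image load: the automation assembly mapped into a non-PowerShell process.
            dll = PureWindowsPath(ev["image_loaded"]).name.lower()
            exe = PureWindowsPath(ev["image"]).name.lower()
            if dll in AUTOMATION_DLLS and exe not in KNOWN_HOSTS:
                hits.append(("automation-dll-load", exe))
    return hits

# Constructed sample records, not real telemetry; paths and names are hypothetical.
SAMPLE_EVENTS = [
    {"channel": "Windows PowerShell", "event_id": 400, "message":
     "Engine state is changed from None to Available.\r\n\tHostName=ConsoleHost\r\n"
     "\tHostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -NoProfile\r\n"},
    {"channel": "Windows PowerShell", "event_id": 400, "message":
     "Engine state is changed from None to Available.\r\n\tHostName=Default Host\r\n"
     "\tHostApplication=C:\\Users\\Public\\updater.exe\r\n"},
    {"channel": "Sysmon", "event_id": 7, "image": "C:\\Users\\Public\\updater.exe",
     "image_loaded": "C:\\Windows\\assembly\\NativeImages\\System.Management.Automation.ni.dll"},
    {"channel": "Sysmon", "event_id": 7, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "image_loaded": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation.dll"},
]
```

PowerShell 7 writes its engine events to the separate PowerShellCore/Operational channel, which this filter does not cover, and any legitimate in-house .NET tooling that embeds the engine must be added to KNOWN_HOSTS to avoid false positives.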

The threat actor, which has been active since at least 2017, has been behind a series of campaigns in recent years, including those in which the adversary posed as journalists and scholars to deceive targets into installing malware and to steal classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitute an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, including an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021. After its attempts to encrypt files directly were blocked by endpoint protection, Memento took the unusual step of locking files inside password-protected archives, then encrypting the password and deleting the original files.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
