An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
Related news
- Hacker Tools List
- Pentest Tools Download
- Hackrf Tools
- Pentest Recon Tools
- Pentest Tools For Windows
- Pentest Tools Port Scanner
- Tools For Hacker
- Hacker Tools Free
- Hak5 Tools
- Pentest Tools
- Top Pentest Tools
- Tools 4 Hack
- How To Hack
- Tools 4 Hack
- Pentest Tools Framework
- World No 1 Hacker Software
- Hacking Tools For Windows
- How To Hack
- Pentest Tools
- Hacker Tools Hardware
- Install Pentest Tools Ubuntu
- Pentest Tools Open Source
- Hacker Tools Github
- Hacker
- Tools For Hacker
- Pentest Tools Android
- Pentest Recon Tools
- Android Hack Tools Github
- Pentest Tools Subdomain
- How To Hack
- Hak5 Tools
- Hacks And Tools
- Pentest Tools Review
- Hacking Tools Software
- Pentest Tools Windows
- Pentest Tools Free
- Hack Apps
- Hacker
- Best Pentesting Tools 2018
- Hack Rom Tools
- Kik Hack Tools
- Pentest Tools Github
- Hacking Tools Name
- New Hacker Tools
- Hacker Tools Free
- Github Hacking Tools
- Hacker Tools Github
- Pentest Tools Download
- Hack App
- Hacking Tools For Mac
- Growth Hacker Tools
- Pentest Tools Bluekeep
- Nsa Hack Tools Download
- Hack Tools For Games
- How To Install Pentest Tools In Ubuntu
- Hack Tool Apk No Root
- Hacking Tools Kit
- Underground Hacker Sites
- Nsa Hack Tools
- Hacker Tools 2020
- Hacking Tools Kit
- Hack Tools Github
- New Hack Tools
- Pentest Automation Tools
- Install Pentest Tools Ubuntu
- Physical Pentest Tools
- Usb Pentest Tools
- Hack Tools Mac
- Pentest Tools Github
- Pentest Recon Tools
- Hack And Tools
- Hack Tools For Games
- Pentest Tools Online
- Hacker Techniques Tools And Incident Handling
- Easy Hack Tools
- Pentest Reporting Tools
- Hacker Hardware Tools
- Pentest Box Tools Download
- Pentest Tools Review
- Pentest Tools Website Vulnerability
- Pentest Tools For Android
- New Hacker Tools
- Pentest Tools Free
- Android Hack Tools Github
- Pentest Tools Linux
- Hacking Tools
- Pentest Tools Subdomain
- Hacks And Tools
- Pentest Tools Windows
- Hacking Tools Name
- Hacker Tools Hardware
- Hacks And Tools
- Computer Hacker
- Hacking Tools Name
- Hack Tools Github
- Best Pentesting Tools 2018
- Hacker Search Tools
- Pentest Tools Windows
- Hack Tool Apk
- Hack Apps
- Hacking Tools Mac
- Hacking Tools Mac
- Hacks And Tools
- Hack Tools For Pc
- Pentest Tools Alternative
- Hacking Tools Github
- Nsa Hack Tools Download
- Game Hacking
- Hack Tools Online
- Hack Rom Tools
- Hacker Tools Free Download
- Pentest Tools Bluekeep
- Pentest Tools Github
- Hacker Tools Apk Download
- Kik Hack Tools
- Hacking Tools For Windows Free Download
- Best Pentesting Tools 2018
- Pentest Tools For Android
- Hack Tools Pc
- Hacker Search Tools
- Hacker Techniques Tools And Incident Handling
- Hacker Tools Windows
- Termux Hacking Tools 2019
0 comments:
Post a Comment