An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
Related links
- Pentest Tools For Ubuntu
- How To Make Hacking Tools
- Pentest Tools Framework
- Bluetooth Hacking Tools Kali
- Pentest Tools Tcp Port Scanner
- Top Pentest Tools
- Hacking Tools 2019
- How To Hack
- Pentest Tools Find Subdomains
- Hacker Tools Github
- World No 1 Hacker Software
- Pentest Reporting Tools
- Nsa Hack Tools Download
- Hacker Tools Linux
- Hacking Tools 2019
- Kik Hack Tools
- Termux Hacking Tools 2019
- Pentest Automation Tools
- Underground Hacker Sites
- Usb Pentest Tools
- Pentest Tools Github
- Pentest Tools List
- Pentest Tools For Windows
- Bluetooth Hacking Tools Kali
- Kik Hack Tools
- Nsa Hacker Tools
- Hacking Tools Name
- Pentest Tools List
- Hacking Tools For Pc
- Hacker Tools For Mac
- Pentest Tools For Mac
- Hacking Tools Download
- Free Pentest Tools For Windows
- Free Pentest Tools For Windows
- Hack Tools Pc
- Pentest Tools Framework
- Hacker Tools For Mac
- Top Pentest Tools
- Growth Hacker Tools
- Hacker Tools Mac
- Hacking Tools Mac
- Physical Pentest Tools
- Hacker Tools Github
- Pentest Tools Url Fuzzer
- Pentest Tools List
- Hacker Tools Mac
- Nsa Hacker Tools
- Kik Hack Tools
- Hacker Tools Free
- Hacker Tools For Ios
- Hacker Tools For Ios
- Pentest Tools Framework
- Tools Used For Hacking
- Hacking Tools And Software
- Pentest Tools Nmap
- Pentest Reporting Tools
- Hacking Tools For Windows 7
- Pentest Tools Website Vulnerability
- Hacking Tools Kit
- How To Make Hacking Tools
- Hack Tools For Games
- Hacking Tools Free Download
- Hack Tools Download
- Bluetooth Hacking Tools Kali
- Hack Tool Apk No Root
- Hacker Tools For Mac
- Hacker Tools For Pc
- Physical Pentest Tools
- Hacker Security Tools
- Game Hacking
- Nsa Hacker Tools
- Hack Tools
- Wifi Hacker Tools For Windows
- Hacker Tools Software
- Hack Tools For Pc
- Tools For Hacker
- Wifi Hacker Tools For Windows
- Easy Hack Tools
- Hackers Toolbox
- Hack Rom Tools
- Hacker Tools
- Hacker Tools List
- Pentest Tools Alternative
- Pentest Tools Website Vulnerability
- Hacking Tools Download
- Hacking Tools Windows 10
- Tools Used For Hacking
- Game Hacking
- Hacking Tools 2019
- Hacker Hardware Tools
- Hacking Apps
- Pentest Tools Review
- Hacker Tools For Ios
- Hacking Tools For Beginners
- How To Hack
- Hacking Tools Usb
- Pentest Tools Nmap
- Pentest Reporting Tools
- Hacking Tools For Windows Free Download
- Pentest Tools Kali Linux
- What Is Hacking Tools
- Hacker Tools Software
- Hacker Tools Linux
- Ethical Hacker Tools
- Hack Apps
- Hack Tools Mac
- Pentest Tools For Mac
- Hacking Tools For Pc
- Tools 4 Hack
- Best Pentesting Tools 2018
- Pentest Tools Linux
- Hacking Tools For Pc
- Pentest Tools Online
- Hacker Tools Github
- Hack App
- Hacker Tools Free Download
- Hackrf Tools
- Kik Hack Tools
- Install Pentest Tools Ubuntu
- Hacking Tools Free Download
- Hacking Tools For Kali Linux
No comments:
Post a Comment