An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
More information
- Hack Tools Pc
- Hack Website Online Tool
- Kik Hack Tools
- Hackrf Tools
- Hacking Tools Download
- Nsa Hack Tools Download
- Hack Tool Apk
- Beginner Hacker Tools
- Hacking Tools For Windows 7
- Nsa Hack Tools
- How To Hack
- Hacking Tools
- Tools For Hacker
- Hacker Tools Linux
- Black Hat Hacker Tools
- Hack Tools For Ubuntu
- How To Hack
- Growth Hacker Tools
- Hack Rom Tools
- Hacker Tools 2019
- Android Hack Tools Github
- Hacker Tools For Windows
- Hackrf Tools
- Pentest Tools Find Subdomains
- How To Install Pentest Tools In Ubuntu
- Hacking Tools For Pc
- Install Pentest Tools Ubuntu
- Hackrf Tools
- Best Pentesting Tools 2018
- Hack Tools 2019
- Hacker Tools Hardware
- Hack Tools 2019
- Hackers Toolbox
- Pentest Tools Alternative
- Hacker Tools For Pc
- Game Hacking
- Hack Rom Tools
- Install Pentest Tools Ubuntu
- Pentest Tools Find Subdomains
- Pentest Tools Alternative
- Hack Tools Pc
- Pentest Tools Download
- Pentest Tools Subdomain
- Hacker Tools Github
- Hack Tools Mac
- Tools Used For Hacking
- Hack Tools For Pc
- Hacker Hardware Tools
- New Hack Tools
- Hacking Tools Mac
- Install Pentest Tools Ubuntu
- Hack Tools
- Pentest Tools Website Vulnerability
- Hacking Tools Usb
- Hack Tools For Mac
- Hacker Tools For Ios
- Pentest Box Tools Download
- Bluetooth Hacking Tools Kali
- Hacker Tools List
- Hacker Tools Free
- New Hacker Tools
- Pentest Tools Download
- Hack Tools Pc
- Pentest Tools Free
- New Hack Tools
- Hacker Tools 2019
- Underground Hacker Sites
- Hacking Tools For Windows
- Bluetooth Hacking Tools Kali
- New Hacker Tools
- Hacker Tools Online
- Hacking Tools Github
- Hacking Tools Free Download
- Hack Tools For Mac
- Pentest Tools Alternative
- Pentest Tools For Ubuntu
- Pentest Tools Find Subdomains
- Hacks And Tools
- Underground Hacker Sites
- Pentest Tools Website
- Hacking Tools For Kali Linux
- New Hacker Tools
- Hacking Tools Mac
- Pentest Automation Tools
- Pentest Tools Subdomain
- World No 1 Hacker Software
- Hacking Tools For Mac
- Hack Tools For Ubuntu
- Hack And Tools
- Hacking Tools Hardware
- Best Hacking Tools 2020
- Growth Hacker Tools
- Hacking Tools Download
- Hacker Tools 2019
- Hack Apps
- Hacker Tools Mac
- Hack App
- Nsa Hack Tools
- Hack Tools For Ubuntu
- Hack And Tools
- Hacker Tools For Mac
- Pentest Tools Nmap
- Ethical Hacker Tools
- Hacking Tools Online
- Hacking Apps
- Hacking Tools For Windows
- Nsa Hack Tools
- Tools Used For Hacking
- Hacking Tools Software
- Hacker
- Hack Tools
- Hacking App
- Hack Tools
- Hack Tool Apk No Root
- Hackers Toolbox
- Hack Tools Pc
- How To Make Hacking Tools
- Hacking Tools For Beginners
- Best Hacking Tools 2020
- Hacker Tools Apk
- Hacking Tools And Software
- Hacker Hardware Tools
- Hacking Tools 2020
- How To Make Hacking Tools
Nessun commento:
Posta un commento