An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
Related news
- Pentest Tools Tcp Port Scanner
- Install Pentest Tools Ubuntu
- Pentest Tools Online
- Hacking Tools Online
- Game Hacking
- Hacking Tools 2019
- Hacking Tools
- Hack Rom Tools
- Best Hacking Tools 2020
- Pentest Tools Framework
- Pentest Tools Framework
- Wifi Hacker Tools For Windows
- Tools Used For Hacking
- How To Hack
- Hacking Tools For Windows
- Pentest Tools List
- Beginner Hacker Tools
- Top Pentest Tools
- Install Pentest Tools Ubuntu
- Hacking Tools Kit
- Hack Tools Github
- Pentest Tools Find Subdomains
- Pentest Tools Tcp Port Scanner
- Tools For Hacker
- Pentest Automation Tools
- Pentest Tools
- Hackers Toolbox
- Hacker Search Tools
- Growth Hacker Tools
- Hacker Tools For Windows
- Hacker Hardware Tools
- How To Install Pentest Tools In Ubuntu
- Hacker Tools
- Pentest Tools Online
- Pentest Tools Android
- Github Hacking Tools
- Hacker Tools Free Download
- Hack Website Online Tool
- Pentest Tools Kali Linux
- Hacking Tools 2019
- Hacking Tools For Pc
- Kik Hack Tools
- Hacker Tools For Ios
- Hack Tools For Mac
- Hack Tools Mac
- Hacks And Tools
- Hacking Tools Github
- Hacking Tools 2019
- Free Pentest Tools For Windows
- Hacking Tools Online
- Hacking Tools Github
- Tools 4 Hack
- Pentest Tools For Android
- Android Hack Tools Github
- Hacker Tools Free Download
- Hacker Hardware Tools
- Usb Pentest Tools
- Hacker Tools Windows
- Pentest Tools
- Pentest Tools Nmap
- Pentest Tools Website Vulnerability
- Blackhat Hacker Tools
- New Hacker Tools
- Hacking Tools For Pc
- Github Hacking Tools
- Pentest Tools Open Source
- Bluetooth Hacking Tools Kali
- Best Hacking Tools 2020
- Install Pentest Tools Ubuntu
- Hacker
- Pentest Recon Tools
- Hacking Tools For Windows 7
- Pentest Tools Subdomain
- Nsa Hack Tools Download
- Hacker Tools For Pc
- Top Pentest Tools
- Hacker Tools 2020
- Pentest Tools Review
- Hacking Tools For Windows Free Download
- Hacker Tools Apk Download
- Hack Tools For Pc
- Hack Apps
- Hak5 Tools
- Beginner Hacker Tools
- Hacker Tools List
- Hack Tools Github
- Pentest Tools Linux
- Pentest Tools For Ubuntu
- Hacks And Tools
- Hackrf Tools
- Growth Hacker Tools
- Hacker Tools Mac
- Hacking Tools Mac
- Pentest Tools Alternative
- Pentest Tools Find Subdomains
- Hack Tools Online
- Hacking Apps
- Hack Tools
- Pentest Tools
- Hack Tools
- Hack Tools
- Hacker Hardware Tools
- How To Make Hacking Tools
- Pentest Tools Github
- Underground Hacker Sites
- Hacker Tools For Ios
- Hack Apps
- Bluetooth Hacking Tools Kali
- Nsa Hacker Tools
- Pentest Tools Website
- Pentest Tools
- Hacker Tools Linux
- Hacking Tools For Windows
- Hacker Tools
- Hacking Tools For Mac
- Hack And Tools
- Pentest Tools For Android
- Hack Tool Apk
- Hack Tools Pc
- Hacker Tools Github
- Hacking Tools For Windows Free Download
- Hacking Tools Download
Nenhum comentário:
Postar um comentário