An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
Continue reading
- Pentest Reporting Tools
- Hacking Tools For Mac
- Hacker Tools Windows
- Hacker Tools Hardware
- Physical Pentest Tools
- Hacker Tools For Mac
- Nsa Hacker Tools
- Hacker Tools Mac
- Pentest Tools Github
- Blackhat Hacker Tools
- Hack And Tools
- Pentest Reporting Tools
- Pentest Tools Android
- Hacker Tools Mac
- Hack Tools
- Nsa Hack Tools
- Hacker Search Tools
- Pentest Automation Tools
- Game Hacking
- Hacking Tools And Software
- Pentest Tools Online
- Pentest Tools Url Fuzzer
- Hacker Tools 2020
- Hacker Tools Mac
- Hacker Tools For Mac
- Hak5 Tools
- Hack Tools For Ubuntu
- Pentest Tools Nmap
- Pentest Tools Download
- Hack Tools
- Hacker Tools Apk Download
- Tools For Hacker
- Hacking Tools For Beginners
- Bluetooth Hacking Tools Kali
- Pentest Tools List
- Tools Used For Hacking
- Nsa Hack Tools
- Hacking Tools For Pc
- Hak5 Tools
- Hack Tools For Games
- Hacker Security Tools
- Hack Tools For Mac
- Hackrf Tools
- Best Hacking Tools 2020
- Hacking App
- Hack App
- Hacker Tools Linux
- Hack Tools Mac
- Hacker Tools Free
- Hacking Tools
- Hacker Tools Windows
- Nsa Hack Tools
- Hack And Tools
- Best Hacking Tools 2020
- Hack Tools Online
- Hacker Tools For Pc
- Hacker Tools For Pc
- Hacker Tools Free Download
- Tools 4 Hack
- Hacker Tools For Ios
- Hacker Tools Windows
- Pentest Tools Kali Linux
- Hacking Tools Windows
- Pentest Tools Download
- Hack Tool Apk
- Hacker Tools Windows
- Hacker Tools Free
- Pentest Tools Kali Linux
- Hackers Toolbox
- Hack App
- Hacker Tools List
- Pentest Tools For Ubuntu
- Hacker Tools For Mac
- Termux Hacking Tools 2019
- Pentest Tools Review
- Hacks And Tools
- Hacker Security Tools
- Hacking Tools Software
- Hacker
- Hacker Tools Hardware
- Install Pentest Tools Ubuntu
- Pentest Tools Framework
- Hacking Tools Usb
- Hack Tool Apk
- World No 1 Hacker Software
- Pentest Tools Open Source
- Pentest Tools List
- Pentest Tools Review
- Hacker Search Tools
- Pentest Tools Find Subdomains
- Underground Hacker Sites
- Pentest Tools Port Scanner
- Pentest Tools Tcp Port Scanner
- Pentest Tools Open Source
- Hack Rom Tools
- Hacker
- Hacker Techniques Tools And Incident Handling
- Best Hacking Tools 2020
- Pentest Tools Download
- Pentest Tools Tcp Port Scanner
ليست هناك تعليقات:
إرسال تعليق