An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
Related posts
- Hacker Tools Hardware
- Pentest Tools Website
- Pentest Tools Kali Linux
- World No 1 Hacker Software
- Hacking Tools For Windows Free Download
- Hacking Tools
- Hack Tools For Pc
- Hacking Tools For Kali Linux
- Hacker Tools Free Download
- Github Hacking Tools
- Top Pentest Tools
- Hacker Tools
- Usb Pentest Tools
- Hacker Search Tools
- Pentest Automation Tools
- Hacker Tools 2019
- Pentest Tools Port Scanner
- Tools For Hacker
- Pentest Tools Review
- Hacking Tools Software
- Pentest Tools Subdomain
- Hack Apps
- Hack Tool Apk
- Pentest Tools Linux
- Bluetooth Hacking Tools Kali
- Pentest Tools Online
- Pentest Recon Tools
- Hacking Tools Software
- Hacker Tools Free Download
- Easy Hack Tools
- Bluetooth Hacking Tools Kali
- Github Hacking Tools
- Hacking App
- Pentest Tools Tcp Port Scanner
- Easy Hack Tools
- Hacking Tools For Games
- Hacking Tools Windows
- Hack Apps
- Hacking Tools For Mac
- Hacking Tools Free Download
- Hacking Tools Kit
- Hacking Tools For Windows Free Download
- Hack Tools For Games
- Pentest Tools Subdomain
- Hacker Tools 2019
- Hack Tools Online
- Hack Tools Online
- Pentest Tools Apk
- Bluetooth Hacking Tools Kali
- Hacker Search Tools
- Hackrf Tools
- Hacking Tools 2019
- New Hacker Tools
- Hacker Tools 2019
- Pentest Tools Find Subdomains
- Usb Pentest Tools
- Hack Tools For Ubuntu
- Hacking Tools Mac
- How To Hack
- Android Hack Tools Github
- Nsa Hacker Tools
- Blackhat Hacker Tools
- Hack Website Online Tool
- Hacker Tools Apk Download
- Hacker Tools Free Download
- Hacker Tools Linux
- New Hack Tools
- Hackrf Tools
- Hacker Tools Apk
- Underground Hacker Sites
- Pentest Tools Tcp Port Scanner
- Pentest Tools Windows
- Hack Apps
- Beginner Hacker Tools
- Hack Tools For Ubuntu
- Hacker Tools List
- Hacker Tools 2019
- Pentest Tools List
- Pentest Automation Tools
- Hack Rom Tools
- Hacking Tools Software
- Tools Used For Hacking
- Hacker Tools
- Tools Used For Hacking
- Hacking Tools Pc
- Hacking Tools Name
- Hack Tools 2019
- Pentest Tools Linux
- Hacker Tools Online
- Hacking Tools Pc
- Tools 4 Hack
- Kik Hack Tools
- Hacker Tools Free Download
- Hack Tools Github
- Pentest Tools Url Fuzzer
- Hacking Tools For Windows 7
- How To Hack
- Top Pentest Tools
- Hacking Tools Windows
- Hack And Tools
- Pentest Tools Website
- Hack Website Online Tool
- Pentest Tools For Windows
- Pentest Tools Nmap
- Pentest Tools Android
- Pentest Tools Open Source
- Hack App
- Hacker Tools Apk Download
- Install Pentest Tools Ubuntu
- Hacking Tools Windows
- Physical Pentest Tools
- Pentest Recon Tools
- Pentest Tools Download
- Pentest Tools Kali Linux
- Physical Pentest Tools
- Hacker Search Tools
- Hacking Tools For Beginners
- Hacking Tools Windows
- Pentest Tools Bluekeep
- Hack Tools 2019
- Hacking Tools For Mac
- Computer Hacker
- Hacking Tools Github
- Hacker Tool Kit
- Hak5 Tools
- Pentest Recon Tools
- Nsa Hacker Tools
- Hacker Tools Apk
- Pentest Reporting Tools
- Hacker Tools Online
Tidak ada komentar:
Posting Komentar