Iranian Hackers Using New PowerShell Backdoor In Cyber Espionage Attacks

 

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

More information

1. Hacker Tools List
2. How To Hack
3. Android Hack Tools Github
4. Hacker Tools Github
5. Hacking Tools For Games
6. Hack Tools For Mac
7. Underground Hacker Sites
8. Pentest Tools For Android
9. Pentest Tools
10. New Hack Tools
11. Hacker Tools For Mac
12. Best Hacking Tools 2020
13. Bluetooth Hacking Tools Kali
14. Hack Tools Pc
15. World No 1 Hacker Software
16. Hacker Tools
17. Pentest Tools Find Subdomains
18. Pentest Tools Linux
19. Pentest Tools Download
20. Hacker Search Tools
21. Hacking Tools For Windows
22. Hacking Tools For Mac
23. Pentest Tools Review
24. Pentest Tools
25. Pentest Tools Url Fuzzer
26. Hacking App
27. Pentest Tools Find Subdomains
28. Hack Tools For Games
29. Hacking App
30. Pentest Tools Download
31. Pentest Recon Tools
32. New Hacker Tools
33. Pentest Tools Review
34. Nsa Hack Tools Download
35. Hack Tool Apk
36. Hacking Tools Mac
37. Hacker Tools Apk
38. Hacker Tool Kit
39. Nsa Hack Tools Download
40. What Is Hacking Tools
41. Pentest Tools Linux
42. Hacking Tools 2019
43. Hacking Tools
44. Tools Used For Hacking
45. Hacker Tools Github
46. Hacking Tools Usb
47. Hacking Tools Free Download
48. Pentest Tools
49. Pentest Tools Online
50. Easy Hack Tools
51. Hacks And Tools
52. Hacker Tools Online
53. Pentest Recon Tools
54. Hack Tool Apk
55. Hacking Tools Software
56. Hacker Tools For Windows
57. Hacking Tools For Pc
58. Install Pentest Tools Ubuntu
59. Hack Tools Github
60. Tools For Hacker
61. Hacking Tools Mac
62. Hacker Tools Mac
63. Hacker Tools Software
64. Hacker Tools
65. Hack Tools 2019
66. Hak5 Tools
67. Hack Apps
68. Hack Tool Apk
69. Physical Pentest Tools
70. Hack Tools For Games
71. Hack Apps
72. Nsa Hack Tools Download
73. Hacking Tools For Beginners
74. Pentest Tools Download
75. Hacking Tools For Kali Linux
76. How To Make Hacking Tools
77. Pentest Tools Website
78. Hacker Tools Github
79. Pentest Tools Review
80. Pentest Tools Review
81. Pentest Tools Open Source
82. Pentest Tools Online
83. Hack Tools Online
84. Hack Tools Mac
85. Pentest Tools Apk
86. Hacking Tools For Mac
87. Hacking Tools For Kali Linux
88. Hack Apps
89. Android Hack Tools Github
90. How To Hack
91. Nsa Hack Tools Download
92. Hacking Tools 2020
93. Hacking App
94. Hacker Tools Free
95. Hacking Tools Download
96. Pentest Tools
97. Hacker Tools List
98. Hacker Tools Mac
99. Pentest Tools Tcp Port Scanner
100. Github Hacking Tools
101. Ethical Hacker Tools
102. Pentest Tools For Ubuntu
103. Hack Website Online Tool
104. Hack Apps
105. Pentest Tools Nmap
106. Hack Tools Download
107. Hacker Search Tools
108. Hack Rom Tools
109. Pentest Tools
110. How To Install Pentest Tools In Ubuntu
111. Top Pentest Tools
112. Hacking App
113. Hack Tools Online
114. Hacking Tools Software
115. Pentest Tools Bluekeep
116. Pentest Tools For Android
117. Hacking Tools For Mac
118. New Hacker Tools
119. Growth Hacker Tools
120. Hacking Tools Download