An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
More information- Pentest Tools Linux
- Termux Hacking Tools 2019
- Best Pentesting Tools 2018
- Easy Hack Tools
- Hack Rom Tools
- New Hacker Tools
- Easy Hack Tools
- Hack Tool Apk No Root
- Hacking Tools Mac
- Computer Hacker
- Wifi Hacker Tools For Windows
- Hacking Tools Software
- Pentest Reporting Tools
- Pentest Tools Tcp Port Scanner
- Github Hacking Tools
- Hacker Tools Mac
- Best Pentesting Tools 2018
- Hack Tools
- Pentest Tools Android
- How To Install Pentest Tools In Ubuntu
- Hack Tools For Windows
- Hack Tools 2019
- Usb Pentest Tools
- Underground Hacker Sites
- Pentest Tools For Mac
- Hack Tools
- Pentest Tools Apk
- Pentest Tools For Ubuntu
- Pentest Tools Open Source
- Hacking Tools For Mac
- Hacking Tools For Beginners
- Hacker Tools Apk
- Hack Rom Tools
- Hacking Tools Hardware
- Pentest Tools Windows
- Pentest Tools For Mac
- Hacking Tools 2019
- Pentest Tools Open Source
- Hacker Tools Linux
- Blackhat Hacker Tools
- Pentest Tools Linux
- Easy Hack Tools
- Hacking Tools Mac
- Hacking Tools 2020
- Hacks And Tools
- Hack Apps
- Pentest Tools Port Scanner
- Hacker Tools 2019
- Hacking Tools For Mac
- Hack Tools For Mac
- Pentest Recon Tools
- Hacker Tools For Mac
- Hacking Tools For Beginners
- Hacker Tools 2019
- Pentest Tools Framework
- Hacking Tools And Software
- Pentest Tools For Mac
- Free Pentest Tools For Windows
- Pentest Box Tools Download
- Pentest Tools Open Source
- Hack Tools Pc
- Pentest Tools Subdomain
- How To Install Pentest Tools In Ubuntu
- Best Pentesting Tools 2018
- Hack Tools For Games
- Hacker Tools Online
- New Hacker Tools
- How To Install Pentest Tools In Ubuntu
- Hacker Security Tools
- What Are Hacking Tools
- Hack Tools For Games
- Growth Hacker Tools
- Hacks And Tools
- Best Hacking Tools 2020
- Beginner Hacker Tools
- Hacker
- Github Hacking Tools
- Hacking Tools For Windows
- Kik Hack Tools
- Hacker Tools For Mac
- Hack Tools For Windows
- Pentest Tools Subdomain
- Pentest Tools Bluekeep
- Bluetooth Hacking Tools Kali
- Pentest Tools Subdomain
- Hacking Tools Github
- Pentest Tools Windows
- Pentest Tools Open Source
- Hacker
- Hacking Tools Github
- Hack Tools For Pc
- Pentest Tools For Ubuntu
- Hack Tool Apk No Root
- Hacking Tools 2020
- Nsa Hacker Tools
- Termux Hacking Tools 2019
- Hack Tools Pc
- How To Install Pentest Tools In Ubuntu
- Pentest Tools Url Fuzzer
- Kik Hack Tools
- Pentest Recon Tools
- Hacker Tools Mac
- Hacking Tools For Windows
- Hacking App
- Tools 4 Hack
- Pentest Tools Free
- Computer Hacker
- Usb Pentest Tools
- Pentest Tools Port Scanner
- Black Hat Hacker Tools
- Kik Hack Tools
- Best Hacking Tools 2020
- Hacker Tools Free Download
- Hack Tools For Pc
- Free Pentest Tools For Windows
- Hack Tools Online
- Pentest Tools Online
- Hacking Tools Kit
- Hacker Security Tools
- Hack Tools
- Hacker Tools For Mac
- Hacker Tools Free Download
- Pentest Tools Port Scanner
- Pentest Tools Android
- How To Make Hacking Tools
- Tools Used For Hacking
- Pentest Tools Framework
- Pentest Tools Apk
- How To Hack
- Hacking Tools 2019
- Hack Tool Apk
- Hacking Tools Github
- Hacker Tools Apk
- Hacking App
- Ethical Hacker Tools
- Pentest Tools Open Source
- How To Hack
- Pentest Automation Tools
No hay comentarios:
Publicar un comentario