An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.
The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.
"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."
The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.
Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.
The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.
Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.
Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.
"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."
Read more- Pentest Reporting Tools
- Hacker Search Tools
- Hacking Tools Mac
- Pentest Tools
- Pentest Tools Online
- Hacker Security Tools
- Hacking Tools 2020
- Hacker Tools Online
- Hacking Tools Hardware
- Usb Pentest Tools
- Hacking Tools Software
- What Are Hacking Tools
- Best Hacking Tools 2020
- Hacking Tools 2020
- Hacker Tools Github
- Android Hack Tools Github
- Hack Tools For Games
- Top Pentest Tools
- Pentest Tools Alternative
- Ethical Hacker Tools
- Hacker Tools Apk
- Hacking Tools For Windows 7
- Tools 4 Hack
- Hacking Tools For Beginners
- Pentest Tools List
- Pentest Tools Subdomain
- Pentest Tools Windows
- Pentest Tools Free
- Hacking App
- Pentest Tools Android
- Tools For Hacker
- Hacker Tools
- Hacking Tools For Games
- Hack App
- Pentest Tools For Ubuntu
- Pentest Tools Bluekeep
- Game Hacking
- Hack Tools Online
- Hack Tools
- Hacking Tools Windows 10
- Hackers Toolbox
- Hackers Toolbox
- Hacker Tools For Mac
- Hacker
- Pentest Tools Download
- Pentest Tools Windows
- Hacker
- Hack Rom Tools
- Hacking Tools Pc
- Hacking Tools Hardware
- Hacker Tools List
- How To Make Hacking Tools
- Kik Hack Tools
- Hacker Tools Windows
- Pentest Tools Kali Linux
- New Hack Tools
- Hacking Tools Hardware
- Pentest Tools For Android
- Hacker Tools For Windows
- Hack Tools For Ubuntu
- Tools Used For Hacking
- Hacker Tools For Mac
- Hack And Tools
- Hackrf Tools
- Hack Tools Online
- Best Hacking Tools 2019
- Hacking Tools Online
- Hack Apps
- Pentest Box Tools Download
- Underground Hacker Sites
- Hacking Tools Online
- Pentest Tools For Mac
- Hacker Tools Software
- Hacker Tools Software
- Pentest Automation Tools
- Pentest Tools Open Source
- Easy Hack Tools
- Hacking Tools Pc
- Hack Tools Mac
- Hack Tools
- Hacker Tools For Pc
- Pentest Tools Website Vulnerability
- Pentest Automation Tools
- Pentest Tools Website
- Tools 4 Hack
- Hacking Tools Free Download
- Pentest Recon Tools
- Pentest Tools For Windows
- Pentest Tools Url Fuzzer
- Hackers Toolbox
- Pentest Tools For Mac
- Hacker Search Tools
- Hack Tool Apk No Root
- Pentest Tools Bluekeep
- Hacking Apps
- What Are Hacking Tools
- Physical Pentest Tools
- Hacker Tools Hardware
- Hacking Tools 2020
- What Are Hacking Tools
- Hacking Tools Usb
- Nsa Hacker Tools
- Hacking Tools Hardware
- Hacker Tools Online
- Pentest Tools For Windows
- Underground Hacker Sites
- Pentest Tools Website
- Pentest Tools Url Fuzzer
- Hacker Tools For Ios
- Hack Tools 2019
- Hacking Tools Online
- Physical Pentest Tools
- Pentest Automation Tools
- Best Hacking Tools 2020
- New Hacker Tools
- Hack Tools Github
- Hack Tools For Pc
- Hacking Tools Download
No hay comentarios:
Publicar un comentario