An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason.

The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution.

"The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy."

The threat actor, which is active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversary posed as journalists and scholars to deceive targets into installing malware and stealing classified information.

Earlier this month, Check Point Research disclosed details of an espionage operation that involved the hacking group exploiting the Log4Shell vulnerabilities to deploy a modular backdoor dubbed CharmPower for follow-on attacks.

The latest refinements to its arsenal, as spotted by Cybereason, constitutes an entirely new toolset that encompasses the PowerLess Backdoor, which is capable of downloading and executing additional modules such as a browser info-stealer and a keylogger.

Also potentially linked to the same developer of the backdoor are a number of other malware artifacts, counting an audio recorder, an earlier variant of the information stealer, and what the researchers suspect to be an unfinished ransomware variant coded in .NET.

Furthermore, infrastructure overlaps have been identified between the Phosphorus group and a new ransomware strain called Memento, which first emerged in November 2021 and took the unusual step of locking files within password-protected archives, followed by encrypting the password and deleting the original files, after their attempts to encrypt the files directly were blocked by endpoint protection.

"The activity of Phosphorus with regard to ProxyShell took place in about the same time frame as Memento," Frank said. "Iranian threat actors were also reported to be turning to ransomware during that period, which strengthens the hypothesis that Memento is operated by an Iranian threat actor."

More information

1. Pentest Tools Github
2. Hacker Tools Apk Download
3. Hacking Tools For Windows 7
4. Hacking Tools Windows
5. Hacker Tools Free Download
6. New Hacker Tools
7. Pentest Tools Android
8. Hacker Tools Online
9. Hacking Tools For Pc
10. Pentest Tools Github
11. Hacker Tools Github
12. Hacking Tools Windows
13. How To Make Hacking Tools
14. Pentest Tools Open Source
15. Pentest Box Tools Download
16. Beginner Hacker Tools
17. Hacking Tools For Kali Linux
18. Hacking App
19. Hacking Tools Free Download
20. Hack And Tools
21. Hacking Tools Mac
22. Hacking Tools For Beginners
23. Hack Tools For Windows
24. Pentest Tools Apk
25. Hacker Tools For Pc
26. Pentest Tools Free
27. Hack Tools Pc
28. Pentest Tools Find Subdomains
29. Hacking Tools Download
30. Hack Tools Github
31. Wifi Hacker Tools For Windows
32. Pentest Tools Github
33. Hack Tools For Windows
34. Hacker Security Tools
35. Hacker Tools Online
36. Hacker Hardware Tools
37. Nsa Hack Tools
38. Hacker Tools For Mac
39. Install Pentest Tools Ubuntu
40. Best Hacking Tools 2019
41. Kik Hack Tools
42. Top Pentest Tools
43. Hacker Tools For Mac
44. Best Pentesting Tools 2018
45. Hacking Tools Windows
46. Hacker Tools Linux
47. Pentest Tools Subdomain
48. Hacking Tools For Windows Free Download
49. Hacker Tools Hardware
50. Pentest Tools Free
51. Physical Pentest Tools
52. Hacking Tools For Windows
53. Top Pentest Tools
54. Pentest Tools Subdomain
55. Hacking App
56. Hacker Hardware Tools
57. Pentest Tools For Android
58. Game Hacking
59. Hack Website Online Tool
60. Hacking Tools 2019
61. Hacker Tools For Ios
62. Hacker Tools Free Download
63. Hacking Tools Github
64. Pentest Automation Tools
65. Pentest Tools Url Fuzzer
66. Hacker Techniques Tools And Incident Handling
67. Hacking Tools Pc
68. Hacker Tools Free