These hackers are hitting victims with ransomware in an attempt to cover their tracks

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.zdnet.com/article/these-hackers-are-hitting-victims-with-ransomware-in-an-attempt-to-cover-their-tracks/
Cyber-espionage campaigns linked to the Iranian government are using new malware to secretly snoop around networks, and then drop malware to hide any trace of activity.

Iranian hackers are targeting a range of organisations around the world in campaigns that use previously unidentified malware to conduct cyber-espionage actions and steal data from victims – and in some cases, the state-backed attackers are also launching ransomware in a dual effort to embarrass victims and cover their tracks.

The two separate campaigns have been detailed by cybersecurity researchers at Cybereason, who've attributed the activity to an Iranian hacking group they track as Phosphorusalso known as APT35 and Charming Kitten – along with another Iranian-linked cyber operation, dubbed Moses Staff.
Click to expand...
 
  • Like
Reactions: Venustus, upnorth, Gandalf_The_Grey and 2 others
silversurfer

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,093
An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell.

The threat group also used the previously unknown malware to deploy additional modules, including info stealers and keyloggers, according to a report published today by the Cybereason Nocturnus Team.

The PowerLess backdoor features encrypted command-and-control communication channels, and it allows executing commands and killing running processes on compromised systems.

It also evades detection by running in the context of a .NET application which allows it to hide from security solutions by not launching a new PowerShell instance.

"The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy. At the time of writing this report, some of the IOCs remained active delivering new payloads," the Cybereason researchers said.
Click to expand...
www.bleepingcomputer.com

Cyberspies linked to Memento ransomware use new PowerShell malware

An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: upnorth, Venustus, Andy Ful and 4 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users
Replies
0
Views
669
News Archive
silversurfer
silversurfer
M
    • Like
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Replies
0
Views
422
Microsoft Defender
Microsoft Threat Intelligence
M
upnorth
    • Like
    • +Reputation
Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft
Replies
0
Views
824
News Archive
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top