These hackers are hitting victims with ransomware in an attempt to cover their tracks


Thread author
Feb 4, 2016
Cyber-espionage campaigns linked to the Iranian government are using new malware to secretly snoop around networks, and then drop malware to hide any trace of activity.

Iranian hackers are targeting a range of organisations around the world in campaigns that use previously unidentified malware to conduct cyber-espionage actions and steal data from victims – and in some cases, the state-backed attackers are also launching ransomware in a dual effort to embarrass victims and cover their tracks.

The two separate campaigns have been detailed by cybersecurity researchers at Cybereason, who've attributed the activity to an Iranian hacking group they track as Phosphorus – also known as APT35 and Charming Kitten – along with another Iranian-linked cyber operation, dubbed Moses Staff.


Aug 17, 2014
An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell.

The threat group also used the previously unknown malware to deploy additional modules, including info stealers and keyloggers, according to a report published today by the Cybereason Nocturnus Team.

The PowerLess backdoor features encrypted command-and-control communication channels, and it allows executing commands and killing running processes on compromised systems.

It also evades detection by running in the context of a .NET application which allows it to hide from security solutions by not launching a new PowerShell instance.

"The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy. At the time of writing this report, some of the IOCs remained active delivering new payloads," the Cybereason researchers said.
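The evasion described in the quoted report relies on the PowerShell engine being hosted inside a .NET process rather than a fresh powershell.exe, so process-creation monitoring that only watches for powershell.exe never fires. A defender's counter-check is to look for any process that has the engine assembly loaded but is not a known PowerShell host. The script below is an added example, not code from the articles or from Cybereason; it assumes the host process loads System.Management.Automation.dll (or its native-image variant), which is how a .NET application embeds PowerShell, and the list of known hosts is an assumption you should baseline for your own environment.

```powershell
# Added example: enumerate processes hosting the PowerShell engine that are not
# the standard PowerShell executables. Run elevated to see other users' processes.
function Find-HostedPowerShell {
    [CmdletBinding()]
    param(
        # Assumed list of hosts that legitimately embed the engine; extend it after
        # baselining (management agents, IDEs and some server roles also host it).
        [string[]]$KnownHosts = @('powershell', 'pwsh', 'powershell_ise')
    )

    foreach ($proc in Get-Process) {
        if ($KnownHosts -contains $proc.ProcessName) { continue }

        try {
            # Reading Modules/MainModule throws for protected processes and for
            # processes of the other bitness; skip those rather than abort the sweep.
            $mods = $proc.Modules
            $path = $proc.MainModule.FileName
        } catch {
            continue
        }

        # Match both System.Management.Automation.dll and System.Management.Automation.ni.dll
        $engine = $mods | Where-Object { $_.ModuleName -like 'System.Management.Automation*.dll' }
        if (-not $engine) { continue }

        # Parent PID helps triage: an Office or browser parent is far more suspicious
        # than a service-control manager or scheduler parent.
        $parent = (Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($proc.Id)").ParentProcessId

        [pscustomobject]@{
            ProcessId   = $proc.Id
            ProcessName = $proc.ProcessName
            Path        = $path
            ParentId    = $parent
            EngineDll   = ($engine | Select-Object -First 1).FileName
        }
    }
}

# Usage: list candidate hosts for review; feed the output into your ticketing or SIEM.
Find-HostedPowerShell | Format-Table -AutoSize
```

Two caveats when using this. First, the check is point-in-time: a short-lived host that has already exited is invisible to it, so pair it with Sysmon image-load events (Event ID 7) filtered on the same DLL name for historical coverage. Second, hosting the engine does not bypass PowerShell's own Script Block Logging (Event ID 4104) or Module Logging, because those are emitted by the engine rather than by powershell.exe; enabling them gives visibility into what a hosted engine actually executed, regardless of which process wrapped it.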
