Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks

01-Feb-22

“The PowerShell code operates in the context of a .NET application, avoiding the need to launch ‘powershell.exe,’ allowing it to avoid security solutions,” Cybereason’s senior malware researcher, Daniel Frank, explained. “For stealth and efficacy, the toolkit evaluated comprises extremely modular, multi-staged malware that decrypts and distributes additional payloads in various stages.”
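One defender-side check for the in-process hosting Frank describes, written here as an added example (not code from the page or from Cybereason): on Windows, the PowerShell engine records Event ID 400 in the "Windows PowerShell" log when it starts, and the event's Details block includes HostApplication, the command line of the process that loaded the engine. The script below parses constructed samples of that message and flags any host that is not a standard PowerShell executable; the allow-list and the sample paths are assumptions.

```python
import re
from typing import Dict, List

# Executables expected to host the PowerShell engine on a stock Windows
# install (assumption; extend for legitimate in-house .NET hosts).
EXPECTED_HOST_EXES = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}

# Constructed sample messages shaped like Windows PowerShell Event ID 400
# ("Engine state is changed from None to Available"). The Details block
# lists key=value pairs; HostApplication is the command line of the process
# that loaded the engine. All paths and values below are made up.
SAMPLE_EVENTS = [
    "Engine state is changed from None to Available.\n\nDetails:\n"
    "\tNewEngineState=Available\n\tPreviousEngineState=None\n\n"
    "\tHostName=ConsoleHost\n"
    "\tHostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -NoProfile\n",
    "Engine state is changed from None to Available.\n\nDetails:\n"
    "\tNewEngineState=Available\n\tPreviousEngineState=None\n\n"
    "\tHostName=Default Host\n"
    "\tHostApplication=C:\\Users\\Public\\Libraries\\svc-updater.exe\n",
    "Engine state is changed from None to Available.\n\nDetails:\n"
    "\tNewEngineState=Available\n\tPreviousEngineState=None\n\n"
    "\tHostName=Windows PowerShell ISE Host\n"
    "\tHostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe\n",
]

KV_RE = re.compile(r"^\s*(\w+)=(.*)$", re.MULTILINE)

def parse_details(message: str) -> Dict[str, str]:
    """Extract the key=value pairs from an Event ID 400 message body."""
    return {k: v.strip() for k, v in KV_RE.findall(message)}

def host_executable(host_application: str) -> str:
    """Return the lower-cased image name from a HostApplication command line."""
    # The first token is the image path; it is quoted when it contains spaces.
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', host_application)
    image = (m.group(1) or m.group(2)) if m else host_application
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def unexpected_hosts(messages: List[str]) -> List[str]:
    """Return HostApplication values whose image is not a known PowerShell host."""
    hits = []
    for msg in messages:
        app = parse_details(msg).get("HostApplication")
        if app and host_executable(app) not in EXPECTED_HOST_EXES:
            hits.append(app)
    return hits

if __name__ == "__main__":
    for app in unexpected_hosts(SAMPLE_EVENTS):
        print("PowerShell engine loaded by non-standard host:", app)
```

The same idea applies to script block logging (Event ID 4104) and to Sysmon image-load events for System.Management.Automation.dll, where the loading process rather than HostApplication is the field to compare against the allow-list.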

The threat actor, which has been active since at least 2017, has been behind a number of attacks in recent years, including ones in which the adversary pretended to be journalists or academics in order to trick targets into installing malware and obtain confidential material.
