Hack-for-Hire Group 'DeathStalker' Uses New Backdoor in Recent Attacks
2020-12-04 17:21

Over the past several months, the "mercenary" advanced persistent threat group known as DeathStalker has been using a new PowerShell backdoor in its attacks, Kaspersky reports.

Kaspersky's security researchers, who have been tracking the group since 2018, identified a previously unknown implant the group has been using in attacks since mid-July.

Dubbed PowerPepper, the malware has been continuously used in attacks and is being constantly improved.

The C&C communication is encrypted, and the malware uses the same AES encryption implementation as the previously detailed Powersing backdoor.

"On top of the DNS C2 communication logic, PowerPepper also signals successful implant startup and execution flow errors to a Python backend, through HTTPS. Such signaling enables target validation and implant execution logging, while preventing researchers from interacting further with the PowerPepper malicious C2 name servers," Kaspersky reports.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/n1UwTiT42cc/hack-hire-group-deathstalker-uses-new-backdoor-recent-attacks