Security News > 2023 > April > Iranian Hackers Launch Sophisticated Attacks Targeting Israel with Powerless Backdoor
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a backdoor called PowerLess.
The attack chain documented by Check Point begins with an ISO disk image file that makes use of Iraq-themed lures to drop a custom in-memory downloader that ultimately launches the PowerLess implant.
The ISO file acts as a conduit to display a decoy document written in Arabic, English, and Hebrew, and purports to feature academic content about Iraq from a legitimate non-profit entity called the Arab Science and Technology Foundation, indicating that the research community may have been the target of the campaign.
"While the new PowerLess payload remains similar, its loading mechanisms have significantly improved, adopting techniques rarely seen in the wild, such as using.NET binary files created in mixed mode with assembly code," Check Point said.
The cybersecurity firm said it also discovered two other archive files used as part of a different intrusion set that shares overlaps with the aforementioned attack sequence owing to the use of the same Iraq-themed PDF file.
Further analysis has revealed that the infection chains arising from these two archive files culminate in the execution of a PowerShell script that's engineered to download two files from a remote server and run them.
News URL
https://thehackernews.com/2023/04/iranian-hackers-launch-sophisticated.html
Related news
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)