Iranian Hackers Launch Sophisticated Attacks Targeting Israel with Powerless Backdoor
2023-04-25 13:04

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a backdoor called PowerLess.

The attack chain documented by Check Point begins with an ISO disk image file that makes use of Iraq-themed lures to drop a custom in-memory downloader that ultimately launches the PowerLess implant.

The ISO file acts as a conduit to display a decoy document written in Arabic, English, and Hebrew. The document purports to feature academic content about Iraq from a legitimate non-profit entity called the Arab Science and Technology Foundation, indicating that the research community may have been the target of the campaign.

"While the new PowerLess payload remains similar, its loading mechanisms have significantly improved, adopting techniques rarely seen in the wild, such as using .NET binary files created in mixed mode with assembly code," Check Point said.

The cybersecurity firm said it also discovered two other archive files used as part of a different intrusion set that shares overlaps with the aforementioned attack sequence owing to the use of the same Iraq-themed PDF file.

Further analysis has revealed that the infection chains arising from these two archive files culminate in the execution of a PowerShell script that's engineered to download two files from a remote server and run them.


News URL

https://thehackernews.com/2023/04/iranian-hackers-launch-sophisticated.html