An Iranian threat group known as Charming Kitten APT has deployed new malware dubbed PowerLess alongside several other malicious tools to infect its targets. The PowerLess malware is a backdoor whose evasive PowerShell execution bypasses security solutions.
Researchers noted that the new PowerLess backdoor can download additional modules, such as a keylogger or an information stealer, which are hostile once executed.
The PowerLess malware also runs its PowerShell code inside the context of a .NET application rather than through powershell.exe. This is why the researchers observed the backdoor bypassing security solutions: defences that look for a powershell.exe process never see one.
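The evasion described above leaves a detectable trace: any process that runs PowerShell in-process must still load the PowerShell engine assembly (System.Management.Automation.dll). The following detection sketch is an added example, not code from the report or from the researchers; it runs over constructed Sysmon Event ID 7 (ImageLoad) records using the real Sysmon field names `Image` and `ImageLoaded`, and the list of approved PowerShell hosts is an assumption to be tuned per environment.

```python
"""Flag loads of the PowerShell engine by processes that are not known PowerShell hosts."""
from pathlib import PureWindowsPath

# The PowerShell engine assembly. Any .NET process that loads it can execute
# PowerShell code without ever spawning powershell.exe.
ENGINE_DLL = "system.management.automation.dll"

# Legitimate hosts of the engine (assumption: extend with hosts approved in your estate).
KNOWN_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe", "wsmprovhost.exe"}


def is_engine_load(event: dict) -> bool:
    """True if this ImageLoad event records the PowerShell engine being loaded."""
    loaded = PureWindowsPath(event.get("ImageLoaded", "")).name.lower()
    return loaded == ENGINE_DLL


def find_unhosted_powershell(events: list[dict]) -> list[dict]:
    """Return one hit per event where an unapproved process loads the engine."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7 or not is_engine_load(ev):
            continue  # only Sysmon ImageLoad events for the engine DLL matter here
        host = PureWindowsPath(ev.get("Image", "")).name.lower()
        if host not in KNOWN_HOSTS:
            hits.append({"Image": ev["Image"], "ProcessId": ev.get("ProcessId")})
    return hits


# Constructed sample telemetry, not real data: one benign load by powershell.exe,
# one engine load by an unknown binary, one unrelated DLL load, one non-ImageLoad event.
GAC_ENGINE = (r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation"
              r"\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll")
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": GAC_ENGINE},
    {"EventID": 7, "ProcessId": 5208, "Image": r"C:\Users\Public\updater.exe",
     "ImageLoaded": GAC_ENGINE},
    {"EventID": 7, "ProcessId": 5208, "Image": r"C:\Users\Public\updater.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 1, "ProcessId": 6000, "Image": r"C:\Users\Public\updater.exe"},
]

if __name__ == "__main__":
    for hit in find_unhosted_powershell(SAMPLE_EVENTS):
        print(f"ALERT: PowerShell engine loaded by {hit['Image']} (pid {hit['ProcessId']})")
```

Because the check keys on the loaded DLL rather than the process name, it also covers renamed copies of the engine host and other .NET binaries that embed the runspace API.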
The threat actors' toolset pairs the backdoor with highly modular, multi-stage malware that decrypts and launches additional payloads across several stages, both to obfuscate the chain and to carry out its intended objectives.
For example, the researchers linked the operators of the PowerLess malware to other tools, such as an unfinished ransomware strain written in .NET, a variant of the information stealer, and an audio recorder.
Charming Kitten APT may also be affiliated with a recently discovered, emerging threat group.
Experts claimed that the Charming Kitten group is affiliated with the new ransomware group known as Memento. They concluded that the two groups are somehow connected because they spotted overlaps between the infrastructure used by each.
The Memento ransomware group was discovered in the last weeks of November last year. Moreover, Charming Kitten's ProxyShell activity occurred at the same time as Memento's arrival. These observations support the theory that the Memento ransomware group is under the control of Iranian threat actors.
The latest cyberattacks conducted by Charming Kitten suggest that the group's capacity and resources for developing new tools, demonstrated by its creation of the PowerLess backdoor, are only the beginning of its growth.
Experts urge organisations to share their knowledge of these attackers so that network firewall and anti-malware solutions can be developed to mitigate the damage from such attacks.