Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor
Apr 25, 2023
Cyber Threat / PowerShell
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten, Cobalt Illusion, ITG18, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda.

"Like many other actors, Educated Manticore has adopted recent trends and started using ISO images and possibly other archive files to initiate infection chains," the Israeli company said in a technical report published today.

Active since at least 2011, APT35 has cast a wide net of targets by leveraging fake social media personas, spear-phishing techniques, and N-day vulnerabilities in internet-exposed applications to gain initial access and drop various payloads, includi