Iranian hackers are now using new malware to conduct cyber espionage campaigns and steal data. In some cases they drop ransomware in an attempt to avoid detection.
Researchers at Cybereason attribute the two separate campaigns to an Iranian hacking group known as Phosphorus. Moses Staff, another state-backed group, is also believed to be involved.
It is believed that Phosphorus carried out a number of espionage campaigns against organisations in the US, Europe and the Middle East. This includes suspected attempts at interfering in US presidential elections.
Phosphorus has now added trojan malware to its arsenal. Dubbed ‘PowerLess Backdoor’ by researchers, the malware allows attackers to conduct activity with little chance of being detected.
PowerLess infiltrates and compromises machines. Once inside, it downloads additional payloads, steals information and provides the attacker with a log of keystrokes.