Charming Kitten, an Iranian nation-state actor affiliated with the IRGC, has been linked to a spearphishing campaign that delivers an updated version of a PowerShell backdoor called POWERSTAR.
The group also uses other implants such as PowerLess and BellaCiao to carry out its espionage operations.
According to the researchers' report, with POWERSTAR, Charming Kitten sought to limit the risk of exposing their malware to analysis and detection by delivering the decryption method separately from the initial code and never writing it to disk.
It adds that the references to persistence mechanisms and executable payloads within the POWERSTAR Cleanup module strongly suggest a broader set of tools used by the group to conduct malware-enabled espionage.