According to researchers from cybersecurity firm Volexity, the most recent variant of the malware is probably backed by a custom server-side component. This component assists the Powerstar backdoor operator by automating basic tasks.
The latest version of the malware utilizes a distributed file protocol to disseminate personalized phishing links.
Researchers have discovered that the malware incorporates various functionalities, such as leveraging the InterPlanetary File System (IPFS) and employing publicly accessible cloud hosts to remotely host its decryption function and configuration details.
In April, Microsoft identified a group named Mint Sandstorm. This group utilized an implant called CharmPower, which was distributed through targeted spear-phishing campaigns. The campaigns specifically targeted individuals associated with the security community, as well as those affiliated with think tanks or universities in Israel, North America, and Europe.
The threat actor known as Charming Kitten, also referred to as Phosphorus, TA453, APT35, Cobalt Illusion, ITG18, and Yellow Garuda, has been involved in surveillance activities targeting journalists and activists since at least 2013.
Recently, researchers have discovered that the attackers are adopting the guise of a reporter from an Israeli media organization.
Their strategy involves sending targeted
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents