Researchers have recently detected activity involving a new malware, “PowerPepper”, from DeathStalker, an advanced persistent threat (APT) actor known for offering hacking-for-hire services.
The threat actors are targeting companies in the financial and legal sectors. DeathStalker has been active since 2012.
Kaspersky exposed most of the group's past activity in a previous article. However, the group has now been discovered using new malware implant and delivery tactics, including a backdoor that Kaspersky has dubbed PowerPepper.
PowerPepper implant
According to the experts, PowerPepper is a Windows in-memory PowerShell backdoor that can execute remotely sent shell commands. In keeping with DeathStalker's tradition, the implant uses several tricks to try to avoid detection and execution in sandboxes.
The tricks are quite complex and include catching mouse movements, cleaning the client’s MAC…