PowerShell Archives - Security Affairs

Pierluigi Paganini February 12, 2025

North Korea-linked APT Emerald Sleet is using a new tactic

Microsoft Threat Intelligence has observed North Korea-linked APT Emerald Sleet using a new tactic, tricking targets into running PowerShell. Microsoft Threat Intelligence researchers spotted North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new tactic. They are tricking targets into running PowerShell as an administrator and executing code provided […]

Pierluigi Paganini June 07, 2023

New PowerDrop malware targets U.S. aerospace defense industry

A previously unknown threat actor has been observed targeting the U.S. aerospace defense sector with a new PowerShell malware dubbed PowerDrop. Researchers from the Adlumin Threat Research discovered a new malicious PowerShell script, dubbed PowerDrop, that was employed in attacks aimed at organizations in the U.S. aerospace sector. The PowerShell-based malware uses advanced techniques to […]

Pierluigi Paganini May 17, 2022

A custom PowerShell RAT uses to target German users using Ukraine crisis as bait

Researchers spotted a threat actor using a custom PowerShell RAT targeting German users to gain intelligence on the Ukraine crisis. Malwarebytes experts uncovered a campaign that targets German users with custom PowerShell RAT targeting. The threat actors attempt to trick victims into opening weaponized documents by using the current situation in Ukraine as bait. The […]

Pierluigi Paganini January 12, 2022

Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor

Iran-linked APT35 group has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor. Iran-linked APT35 cyberespionege group (aka ‘Charming Kitten‘ or ‘Phosphorus‘) has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor, Check Point researchers states. The experts also details the use of a modular PowerShell-based framework dubbed CharmPower, that allows […]

Pierluigi Paganini July 02, 2021

Microsoft urges Azure users to update PowerShell to fix RCE flaw

Microsoft is urging Azure users to update PowerShell to address a remote code execution vulnerability that was fixed earlier this year. Microsoft is recommending its Azure users to update PowerShell versions 7.0 and 7.1 to protect against a high severity remote code execution vulnerability tracked as CVE-2021-26701. The IT giant is inviting the PowerShell task […]

Pierluigi Paganini January 04, 2021

New alleged MuddyWater attack downloads a PowerShell script from GitHub

Security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub. Security expert discovered a new piece of malware uses weaponized Word documents to download a PowerShell script from GitHub. This PowerShell script is also used by threat actors to download a legitimate image file from image hosting […]

Pierluigi Paganini November 09, 2020

xHunt hackers hit Microsoft Exchange with two news backdoors

While investigating a cyber attack on the Microsoft Exchange server of an organization in Kuwait, experts found two new Powershell backdoors. Security experts from Palo Alto Networks have spotted two never-before-detected Powershell backdoors while investigating an attack on Microsoft Exchange servers at an organization in Kuwait. Experts attribute the attack to a known threat actor […]

Pierluigi Paganini June 02, 2019

ESET analyzes Turla APT’s usage of weaponized PowerShell

Turla, the Russia-linked cyberespionage group, is weaponizing PowerShell scripts and is using them in attacks against EU diplomats. Turla (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON), the Russia-linked APT group, is using weaponized PowerShell scripts in attacks aimed at EU diplomats. Turla group has been active since at least 2007 targeting government organizations and […]

Pierluigi Paganini November 29, 2018

Dissecting the Mindscrew-Powershell Obfuscation

The Yoroi-Cybaze ZLAB dissected the VBS script embedded into the zip archives delivered to the victims of a recent attack. Introduction Few days ago, the CERT-Yoroi bulletin N061118 disclosed a dangerous campaign attacking several Italian users. The attack wave contained some interesting techniques need to look into further, especially regarding the obfuscation used to hide the malicious […]

Pierluigi Paganini August 20, 2016

A new Brazilian banking Trojan leverages on PowerShell

According to Kaspersky experts Brazilian crooks have made an important addition to their malware leveraging on the PowerShell. Security experts from Kaspersky Lab have discovered a sophisticated banking trojan targeting Brazilian users. The threat, codenamed Trojan-Proxy.PowerShell.Agent.a, leverages on the Microsoft’s PowerShell utility. It is considered one of the most complex Brazilian malware samples discovered since […]

PowerShell

North Korea-linked APT Emerald Sleet is using a new tactic

New PowerDrop malware targets U.S. aerospace defense industry

A custom PowerShell RAT uses to target German users using Ukraine crisis as bait

Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor

Microsoft urges Azure users to update PowerShell to fix RCE flaw

New alleged MuddyWater attack downloads a PowerShell script from GitHub

xHunt hackers hit Microsoft Exchange with two news backdoors

ESET analyzes Turla APT’s usage of weaponized PowerShell

Dissecting the Mindscrew-Powershell Obfuscation

A new Brazilian banking Trojan leverages on PowerShell

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

The FBI warns that Scattered Spider is now targeting the airline sector

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

APT42 impersonates cyber professionals to phish Israeli academics and journalists

QUICK LINKS

PowerShell

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!