The hack-for-hire group DeathStalker, DeathStalker, is believed to be a cyber-mercenary organization targeting small and medium-sized businesses based on customer requests or perceived value.
The malware has been active since 2012 but was only exposed recently in August 2020. Security researchers at Kaspersky have been tracking the group since 2018 and have identified the previously unknown implant DeathStalker has been using in attacks. Tagged as PowerPepper, the malware is constantly being improved.
Read More: Tackling the Legacy Firewall challenges
PowerPepper is delivered through malicious Word documents that implant all of the items necessary for malware execution. A Windows shortcut file is also used for delivery, with the chain leveraging hostile PowerShell scripts and engaging a Word document that acts strictly as a decoy.
Source: securityweek