The Iranian cyberespionage group known as Charming Kitten recently targeted a US-based think tank in an attack that involved transferring a PowerShell backdoor to macOS. The attack began in mid-May, when the group sent a bait email to a nuclear security expert, the think tank’s public media contact. The email requested feedback on a project and sought permission to share a draft for review.
In a subsequent email, the cyberspies included a malicious link that directed the recipient to a password-protected archive file stored on Dropbox. Inside the archive was a link file (LNK) designed to initiate an infection chain, ultimately leading to the deployment of a new PowerShell backdoor. Proofpoint has named this backdoor GorjolEcho. Once activated, the backdoor establishes a persistent presence and presents a decoy PDF to the recipient while exfiltrating information to a command-and-control server.
Read More: Iranian Cyberspies Target US-Based Think Tank With New macOS Malware