Powerless Backdoor Used to Target Israeli Organizations

Iran-linked Hacker Group Accused of Phishing Attacks on Israel

Security researchers at Check Point have identified a new wave of phishing attacks being deployed against Israel by an Iranian state-backed hacking group. The group behind the attack, which Check Point has dubbed “Educated Manticore,” is believed to have ties to APT35, also known as Cobalt Illusion, Charming Kitten, ITG18, Mint Sandstorm, TA453 and Yellow Garuda.
 
According to Check Point, the group’s methods and tools demonstrate “strong coincidences” with APT35. Among the tools used is an updated version of the previously documented Windows backdoor “Powerless,” which has been developed to enable the theft of data from web browsers and applications, take screenshots, and record sound and keystrokes. 
 
The malicious campaign began with a phishing email containing a disk image file in the “.iso” format. The lure used for the file was ostensibly about Iraq, and the file would display a decoy document containing academic content about Iraq, written in Arabic, English, and Hebrew. Researchers believe this technique may have also targeted the research community.
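A mail-gateway check for the delivery method described above, as an added example that is not from Check Point's report: it flags attachments that are ISO 9660 disk images, by file name or by content. The function names, addresses and sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# ISO 9660 volume descriptors start at sector 16 (16 * 2048 = 0x8000);
# the identifier "CD001" follows the one-byte descriptor type.
ISO9660_OFFSET = 0x8001
ISO9660_MAGIC = b"CD001"

def is_iso9660(data: bytes) -> bool:
    """True if the bytes carry the ISO 9660 identifier at its fixed offset."""
    return data[ISO9660_OFFSET:ISO9660_OFFSET + len(ISO9660_MAGIC)] == ISO9660_MAGIC

def flag_iso_attachments(raw_email: bytes):
    """Return (filename, reasons) for each attachment that looks like an ISO.

    Checking content as well as the extension catches an image that was
    renamed to something that looks harmless.
    """
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue
        data = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().endswith(".iso"):
            reasons.append("extension")
        if is_iso9660(data):
            reasons.append("iso9660-magic")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed test message: one .iso, one renamed image, one real PDF stub."""
    iso_like = bytes(0x8000) + b"\x01CD001\x01" + bytes(2041)
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "analyst@example.org"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for payload, name in ((iso_like, "research-paper.iso"),
                          (iso_like, "research-paper.pdf"),
                          (b"%PDF-1.7 constructed", "notes.pdf")):
        msg.add_attachment(payload, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `flag_iso_attachments(build_sample())` reports the `.iso` file on both checks and the renamed copy on content alone, while the ordinary PDF stub passes.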
 
Check Point stressed that the fight against “exploitation in the wild” required various strategies, including detection of vulnerabilities, updating antivirus databases, and user training in cybersecurity.
 
Sources: https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-targeting-israel-via-improved-arsenal-of-tools/
