Cybereason identifies new malware variants

Cybereason, the XDR company, announced that it has discovered previously unidentified malware variants being leveraged in two separate Iranian state-sponsored cyberespionage operations targeting a wide range of organisations in multiple global regions. One of the malicious operations is deploying ransomware against targets following data exfiltration in order to inflict damage to systems as well as to hamper forensic investigations, and the other showed a connection to the recently documented Memento ransomware. This research closely follows an announcement by US Cyber Command’s Cyber National Mission Force (CNMF) regarding multiple open-source tools being abused by Iranian threat actors, with Cybereason researchers having similarly observed open-source tools abused in both of the Iranian attack campaigns investigated.

The StrifeWater RAT Report

Cybereason researchers discovered a previously undocumented remote access trojan (RAT) dubbed StrifeWater that the company attributes to Iranian threat actor Moses Staff. This APT has been observed targeting organisations in the US, Israel, India, Germany, Italy, United Arab Emirates, Chile and Turkey in order to further the geopolitical goals of the Iranian regime. After infiltrating an organisation and exfiltrating sensitive data, the attackers deploy destructive ransomware to cause operational disruptions and make the task of forensic investigation more difficult.

The PowerLess Backdoor Report

Cybereason researchers discovered a new set of tools developed by the Phosphorus group (AKA Charming Kitten, APT35) that includes a novel PowerShell-based backdoor dubbed PowerLess. Cybereason also observed an IP address used in the attacks that was previously identified as part of the command and control (C2) for the recently documented Memento ransomware. Phosphorus is known for attacking medical and academic research organisations, human rights activists, the media sector, for exploiting known Microsoft Exchange Server vulnerabilities and for attempting to interfere with US elections.

“These campaigns highlight the blurred line between nation-state and cybercrime threat actors, where ransomware gangs are more often employing APT-like tactics to infiltrate as much of a targeted network as possible without being detected, and APTs leveraging cybercrime tools like ransomware to distract, destroy and ultimately cover their tracks,” said Cybereason Co-Founder and CEO Lior Div. “For Defenders in the private sector, there is no longer a significant distinction between nation-state adversaries and sophisticated cybercriminal operations. That’s why it is crucial for us as Defenders to collectively improve our detection and prevention capabilities if we are going to keep pace with these evolving threats.”

 

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Copyright: Security Buyer

ASIS UK Launches “Security is You(th)” Hackathon

ASIS International UK has launched Security is You(th), an initiative designed to engage students and early-career professionals…
Image provided by Veeam

AI and Ransomware: Cutting Through the Hype

Rick Vanover, Vice President Product Strategy, Veeam discusses how It might be the great paradox: Artificial Intelligence (AI)….
Copyright: Security Buyer

AmiViz Partners with Titania

AmiViz announced a strategic distribution agreement with Titania. This collaboration underscores a shared commitment to enhancing…
Oil and Gas

Navigating Africa’s Oil & Gas Industry

A comprehensive analysis of security strategies in Africa’s oil and gas industry, covering physical, cyber, and remote surveillance measures.
blackhat

Black Hat Europe Starts Soon

Black Hat Europe starts Monday and now is the perfect time to start planning your experience. With a full lineup of Keynotes…

VIVOTEK’s All-in-One Software Boosts Operational Efficiency for Enterprises

As demand for high-efficiency security systems rises among large enterprises, the global leading…
Assa Abloy website

WTC Amsterdam enhances security and efficiency with digital access solution

The World Trade Center (WTC) Amsterdam, home to over 300 companies, has upgraded its building security with a streamlined, digital access solution from ASSA ABLOY.
John Maddison website

Fortinet launches Lacework FortiCNAPP to enhance cloud-native security

In an advancement in cybersecurity, Fortinet has announced Lacework FortiCNAPP, providing organisations with visibility and security.
GITEX Global 2024 website

GITEX GLOBAL 2024: AI revolution drives strategic tech innovation

GITEX GLOBAL 2024 concluded on Friday, showcasing artificial intelligence (AI) as a transformative force driving business and economic growth
Scroll to Top