Iranian Backed Threat Actors Evolve To Become More Dangerous

Researchers with Cybereason have discovered that the notorious Iranian threat group Charming Kitten has adopted new tools and evasion tactics, including a backdoor they dubbed the “PowerLess Backdoor”. The team also identified links between Charming Kitten and the Memento ransomware that emerged last year. Charming Kitten’s continuous evolution of its capabilities has been well documented, so its new tools and its potential to branch out into other types of attacks should come as little surprise to anyone.

Saryu Nayyar, CEO and Founder of Gurucul, had this to say:

“This discovery points to the fact that organizations are reliant on vendors to research and find new attacks and variants that are meant to evade current solutions. XDR and traditional SIEMs, even with analytics or claims of machine learning (ML) and Artificial Intelligence (AI), are too dependent on rule-based engines and trigger-based alerting on security events. This is not a recipe for success in quickly adapting to new variants that sophisticated threat actors are constantly creating with minimal effort. Not only does one of these vendors need to discover the new attack, but they also need to disclose the research to the public, and other vendors that are made aware need to scramble to update their analytics and engines. What is needed is the proper implementation of self-learning ML/AI that can more effectively adapt to new attack patterns and multi-stage methods across long periods of time, without always needing updates that can take days or weeks after the attack has already been used in the wild. It is critical for organizations to research and deploy vendors with proper ML/AI along with user and entity behavior analytics (UEBA) in order to stay ahead of these emerging threats as vendors try to play catch-up.”

Organizations need to be constantly on their toes and create “a strong security culture” so they aren’t caught unawares by novel tactics used by groups like Charming Kitten and other highly organized threat groups. This report should be required reading.
