Researchers at Cybereason tracking APT35, the Iranian threat group also known as Phosphorus or Charming Kitten, have observed the use of a new backdoor known as Powerless Backdoor. Powerless Backdoor invokes PowerShell in a .NET context rather than spawning the PowerShell process, in an attempt to evade standard alerts for malicious PowerShell usage.
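Because PowerShell hosted in a .NET context never starts the PowerShell process, process-name alerts miss it, but the host still has to load the PowerShell engine assembly, System.Management.Automation. The following is an added example, not Cybereason's detection logic: it scans image-load records for that assembly loaded by an unexpected process. The field names follow Sysmon Event ID 7; the sample records, paths, GUIDs and allowlist are constructed assumptions.

```python
import ntpath

# Processes expected to load the PowerShell engine (assumed allowlist; tune per environment).
EXPECTED_HOSTS = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}
# The PowerShell engine assembly and its precompiled native-image form.
ENGINE_DLLS = {"system.management.automation.dll",
               "system.management.automation.ni.dll"}

# Constructed sample records using Sysmon Event ID 7 (image load) field names.
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessGuid": "{constructed-0001}",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": r"C:\Windows\assembly\constructed\System.Management.Automation.dll"},
    {"EventID": 7, "ProcessGuid": "{constructed-0002}",
     "Image": r"C:\Users\Public\updater.exe",
     "ImageLoaded": r"C:\Windows\assembly\constructed\System.Management.Automation.ni.dll"},
    {"EventID": 7, "ProcessGuid": "{constructed-0002}",
     "Image": r"C:\Users\Public\updater.exe",
     "ImageLoaded": r"C:\Windows\assembly\constructed\System.Management.Automation.dll"},
    {"EventID": 7, "ProcessGuid": "{constructed-0003}",
     "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 1, "ProcessGuid": "{constructed-0004}",
     "Image": r"C:\Windows\System32\cmd.exe"},
]

def find_hosted_powershell(events, expected_hosts=EXPECTED_HOSTS):
    """Return one finding per process that loaded the PowerShell engine
    without being an expected PowerShell host."""
    findings = {}
    for ev in events:
        if ev.get("EventID") != 7:
            continue  # only image-load events carry ImageLoaded
        # ntpath parses Windows paths regardless of the analysis host's OS.
        loaded = ntpath.basename(ev.get("ImageLoaded", "")).lower()
        host = ntpath.basename(ev.get("Image", "")).lower()
        if loaded in ENGINE_DLLS and host not in expected_hosts:
            hit = findings.setdefault(
                ev["ProcessGuid"],
                {"ProcessGuid": ev["ProcessGuid"], "Image": ev["Image"], "Loaded": set()})
            hit["Loaded"].add(loaded)
    # Collapse multiple loads by the same process into a single finding.
    return [dict(h, Loaded=sorted(h["Loaded"])) for h in findings.values()]

if __name__ == "__main__":
    for finding in find_hosted_powershell(SAMPLE_EVENTS):
        print(finding)
```

Legitimate management and developer tools also host the PowerShell engine, so the allowlist needs to be baselined per environment before alerting on this signal.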
APT35 has targeted US and Israeli medical research organizations, as well as academic researchers from the US, France, and the Middle East. The group is also tied to election interference and to the targeting of human rights activists worldwide. Recently, Cybereason has documented strong connections between APT35 and Memento Ransomware, which first emerged in late 2021.