Malicious PowerShell
Attack sequences that exploit the ever-popular PowerShell are broadly attractive to top cybercriminals and cyberespionage groups because they make it easy to propagate viruses across a network. Notorious bad actors such as APT29 (aka “Cozy Bear”) use PowerShell scripts to gather critical intelligence to inform even more sophisticated cyberattacks. In 2020, the threat group APT35 (aka “Charming Kitten”) abused PowerShell both in a ransomware attack on a charity organization and to harvest and exfiltrate data from a U.S. local government.
What you need to know: PowerShell is a command-line and scripting tool developed by Microsoft and built on .NET (pronounced “dot net”) that allows administrators and users to change system settings and automate tasks. The command-line interface (CLI) offers a range of tools and flexibility, making it a popular shell and scripting language. Bad actors have also recognized the perks of PowerShell: namely, the ability to operate undetected on a system as a code endpoint, performing actions behind the scenes.