Hackers use new stealthy PowerShell backdoor to target 60+ victims
A previously undocumented, fully undetectable PowerShell backdoor is being actively used by a threat actor who has targeted at least 69 entities. [...]
PowerShell is Microsoft's task-automation shell and scripting platform, whose capabilities affect endpoint administration, abuse, and security controls.
Search across headline titles and summaries.
Background for this topic.
PowerShell is a command-line shell and scripting language for automating administration and configuration. It began as a Windows technology and is also available on Linux and macOS; its security-relevant features include access to operating-system APIs, scripting, and remote management. Administrators and defenders use it for tasks such as configuration enforcement, log analysis, and investigation.
Because PowerShell can download, decode, and execute scripts and use trusted administrative interfaces, attackers may abuse it for execution, persistence, credential access, or lateral movement, especially after obtaining valid permissions. PowerShell itself is not inherently malicious or a universal antivirus bypass. Useful controls include applying updates to the relevant PowerShell edition and its runtime, limiting script and remoting privileges, and enabling detailed logging such as script-block and transcription logs. Security teams can correlate those records with process, authentication, and network telemetry; controls such as application allowlisting and constrained language mode can further reduce abuse, while preserving required administrative workflows.
A previously undocumented, fully undetectable PowerShell backdoor is being actively used by a threat actor who has targeted at least 69 entities. [...]
Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process
SafeBreach supposedly spots somewhat stealthy subversive software SafeBreach Labs says it has detected a novel fully undetectable (FUD) PowerShell backdoor, which calls into question the accuracy of threat naming.…