State hackers use new PowerShell backdoor in Log4j attacks

The Iranian state-backed group APT35 is suspected of using Log4Shell attacks to distribute new malware called ‘CharmPower’. The attacks exploit a critical remote code execution vulnerability in Apache Log4j that was discovered in December. The payload handles C2 communications, performs system enumeration, and receives, decrypts, and loads additional modules. Check Point researchers attribute this activity to APT35.
Source: www.bleepingcomputer.com