PowerStallion is one of the advanced tools used by the Turla group, a team of hackers whose activity dates back to 2008 and who have been involved in attacks against high-profile targets such as the French and US military, as well as the German Foreign Office. The purpose of PowerStallion is to serve as a silent backdoor that can execute PowerShell scripts and thereby grant the attackers access to some of the infected host’s features.
Researchers believe that PowerStallion is not Turla’s primary weapon of choice; instead, it is often used as a ‘backup backdoor’ in case the main backdoors like Gazer and Carbon fail for some reason. Despite being used as a backup, the PowerStallion backdoor still packs some interesting features, such as the ability to communicate with a Command & Control server hosted on the free, public Microsoft OneDrive service. Even more notable, in one of the analyzed samples of the PowerStallion backdoor, the email address used to connect to the server was named after one of the employees of the targeted company, a sign that the Turla members are likely to perform reconnaissance operations before launching their attack.
It appears that the Turla members use PowerStallion for a variety of tasks, but usually focus on monitoring the activity of anti-malware software or dropping ComRAT 4.
Despite using innovative attack methods and hacking tools, the Turla group is not unstoppable – taking advantage of the protection services offered by modern anti-malware software should be enough to disrupt these attacks.