Hackers use PowerShell commands because they provide a powerful scripting environment on Windows systems, allowing them to stealthily execute malicious scripts and commands called Operation RusticWeb. While besides this, the PowerShell’s capabilities make it an attractive tool for gaining:- Unauthorized access Performing reconnaissance Executing various cyber attacks Cybersecurity researchers at SEQRITE Labs recently identified operation RusticWeb, in which they found threat actors using PowerShell commands to exfiltrate confidential documents. RusticWeb Using PowerShell The operation RusticWeb tracks overlapping tactics with Pakistan-linked APT groups like- APT36 SideCopy While threat actors shift from compiled languages to the following languages for cross-compatibility and evasive tactics:- Golang Rust Nim Golang malware examples include Windows-based Warp with Telegram bot C2 and Linux-based Ares RAT stager payload.
Source: GBHackers