Port 22

What did DeathStalker hide between two ferns?

While tracking DeathStalkers Powersing-based activities in May 2020, we detected a previously unknown implant that leveraged DNS over HTTPS as a C2 channel, as well as parts of its delivery chain. We named this new malware PowerPepper.