A new APT group, dubbed FruityArmor, conducted targeted attacks leveraging on a Windows zero-day vulnerability, tracked as CVE-2016-3393, recently patched by Microsoft. The group’s primary malware implant is written in PowerShell and all commands from the operators are also sent in the form of PowerShell scripts. The experts have observed victims in different countries, including Iran, Algeria, Thailand, Yemen, Saudi Arabia, and Sweden. The hackers used an attack platform built around the Microsoft PowerShell framework.”]
Source: http://securityaffairs.co/wordpress/52504/cyber-crime/fruityarmor-apt-0day.html