How To Take Action Powershell is a capable tool, and an administrator often uses it to carry out administrative activities like patching, system-level scripts and more.

A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's CoPilot.

Last year, Kaspersky Labs said the APT was experimenting with PowerShell in-memory loads to bypass security protections, in the form of a customized open-source PoshSec-Mod system.