• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new powerdrop malware targeting u.s. aerospace industry

New PowerDrop Malware Targeting U.S. Aerospace Industry

You are here: Home / General Cyber Security News / New PowerDrop Malware Targeting U.S. Aerospace Industry
June 7, 2023

An unidentified menace actor has been observed focusing on the U.S. aerospace field with a new PowerShell-based malware named PowerDrop.

“PowerDrop uses superior tactics to evade detection this sort of as deception, encoding, and encryption,” in accordance to Adlumin, which found the malware implanted in an unnamed domestic aerospace protection contractor in Could 2023.

“The title is derived from the software, Windows PowerShell, made use of to concoct the script, and ‘Drop’ from the Fall (DRP) string utilized in the code for padding.”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


PowerDrop is also a put up-exploitation instrument, this means it really is designed to obtain details from victim networks soon after getting preliminary accessibility by way of other indicates.

Cybersecurity

The malware employs Internet Management Message Protocol (ICMP) echo request messages as beacons to initiate communications with a command-and-control (C2) server.

The server, for its element, responds back with an encrypted command which is decoded and operate on the compromised host. A identical ICMP ping message is used for exfiltrating the final results of the instruction.

PowerDrop Malware

What’s more, the PowerShell command is executed by signifies of the Windows Administration Instrumentation (WMI) support, indicating the adversary’s tries to leverage dwelling-off-the-land ways to sidestep detection.

“When the core DNA of the threat is not specifically innovative, its capability to obfuscate suspicious exercise and evade detection by endpoint defenses smacks of much more advanced menace actors,” Mark Sangster, vice president of method at Adlumin, reported.

Discovered this report intriguing? Adhere to us on Twitter  and LinkedIn to read much more exceptional information we publish.


Some components of this report are sourced from:
thehackernews.com

Previous Post: «new malware campaign leveraging satacom downloader to steal cryptocurrency New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency
Next Post: CVEs Surge By 25% in 2022 to Another Record High Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.