Critical Infrastructure Security, Malware

US aerospace sector subjected to new PowerDrop malware attacks

SC StaffJune 8, 2023

Novel PowerDrop malware attacks have been launched against U.S. aerospace defense organizations, with a U.S. defense contractor's network discovered to have already been compromised, BleepingComputer reports. Both Windows Management Instrumentation and PowerShell have been leveraged by PowerDrop to facilitate persistent remote access trojan creation on impacted networks, according to an Adlumin report. Exploits, phishing emails, and fraudulent software download sites may have been used by threat actors to distribute PowerDrop, which had its malicious script executed through already registered WMI event filters and consumers. "The WMI event filter is triggered when the WMI class is updated, which then triggers the execution of the PowerShell script. Triggering by the filter is throttled to once every 120 seconds so long as the WMI class has been updated," said Adlumin. The report also showed that command execution results are being split by PowerDrop into multiple 128-byte chunks should they be deemed to be too large.

SC Staff

Related

5G Hackathons – Casey Ellis – BTS #28

April 24, 2024

Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

Third-party ransomware attack threatens Sweden’s liquor supply

SC StaffApril 25, 2024

Swedish government-owned liquor retailer Systembolaget, which is the country's lone vendor of alcoholic beverages, has warned of a shortage of some beers, wines, and spirits across the country following a ransomware attack against its distributor Skanlog, which its CEO Mona Zuko has attributed to a North Korean state-sponsored threat operation, according to The Record, a news site by cybersecurity firm Recorded Future.

The homepage of the FBI.

Critical Infrastructure Security

FBI: Disruptive Chinese attacks against US infrastructure imminent

SC StaffApril 24, 2024

Volt Typhoon and other Chinese cyberespionage operations were noted by FBI Director Christopher Wray to be already gearing up for far-reaching disruptive intrusions against U.S. critical infrastructure by 2027 should the U.S. interfere with China's conflict with Taiwan, according to CyberScoop.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news