This week, Kaspersky discovers that an unknown threat actor has been linked to a malware attack on a power generation company in South Africa with a new variant of the SystemBC ransomware called DroxiDat.
The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a South African nation’s critical infrastructure.
SystemBC is a C/C++ based commodity malware and remote administrative tool that was first seen in 2019.The use of SystemBC as a conduit for ransomware attacks has been documented in the past.
In December 2020, Sophos revealed ransomware operators’ reliance on ransomware operators’, reliance on SystemBC RAT as an off-the-shelf Tor backdoor for Ryuk and Egregor infections, Baumgartner said.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply