Adlumin reports that an unknown threat actor has created new malware, called PowerDrop, targeting the U.S. aerospace industry.
The malware uses advanced techniques to evade detection.
PowerDrop is also a post-exploitation tool, meaning it is designed to gather information from victim networks after the attacker has obtained initial access by other means.
It uses Internet Control Message Protocol (ICMP) echo request messages as beacons to initiate communications with a command-and-control (C2) server.
The name combines Power, from Windows PowerShell, the utility in which the script is written, and Drop, from the DROP (DRP) string the code uses for padding.
PowerDrop was found on the network of an unnamed domestic aerospace defense contractor in May 2023.