Unknown actor targets power generator with DroxiDat and Cobalt Strike

Recently Kaspersky pushed a report about an interesting and common component of the cybercrime malware set – SystemBC. And, in much the same vein as the 2021 Darkside Colonial Pipeline incident, they found a new SystemBC variant deployed to a critical infrastructure target. This time, the proxy-capable backdoor was deployed alongside Cobalt Strike beacons in a south African nation’s critical infrastructure.

Read more…
Source: Kaspersky