Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

DroxiDat Malware Hits Power Company

August 14, 2023
Reading Time: 2 mins read
in Incidents
DroxiDat Malware Hits Power Company

An unidentifiable threat actor has emerged in the realm of cybersecurity, orchestrating a targeted cyber attack on a power generation company in southern Africa. The assailant employed a novel iteration of the SystemBC malware, known as DroxiDat, which has raised suspicions of an imminent ransomware assault.

The attack occurred in late March 2023 and was characterized by the deployment of DroxiDat, working in tandem with Cobalt Strike Beacons, to infiltrate a critical infrastructure of a South African nation.

Kaspersky’s Global Research and Analysis Team (GReAT) shed light on the situation, indicating that the attack was in its preliminary stages and leveraged DroxiDat to profile the victim’s system and facilitate the proxying of network traffic through the SOCKS5 protocol to and from command-and-control (C2) infrastructure.

SystemBC, a C/C++-based malware and remote administrative tool, originated in 2019 and was primarily designed to set up SOCKS5 proxies on compromised systems, which can be utilized by threat actors for malicious traffic redirection. The malware’s recent variants also exhibit capabilities for downloading and executing additional payloads.

The multifaceted nature of SystemBC has previously been exploited as a conduit for ransomware operations, as demonstrated by its use in Ryuk and Egregor infections. DroxiDat, linked to a healthcare-related incident, found itself associated with ransomware deployment alongside Cobalt Strike in a similar timeframe. This emerging malware variant showcases a streamlined and compact design compared to SystemBC, serving as a proficient system profiler while exfiltrating gathered data to a remote server. The identity of the malevolent actors behind these attacks remains unknown, yet indications suggest the potential involvement of Russian ransomware groups like FIN12 (Pistachio Tempest), recognized for deploying SystemBC alongside Cobalt Strike to unleash ransomware campaigns.

Amid this evolving cyber threat landscape, industrial organizations have witnessed a surge in ransomware attacks targeting their critical infrastructures. According to Dragos, the number of such attacks doubled between the second quarter of 2022 and Q2 2023, rising from 125 incidents to 253.

This surge underscores the pressing need for bolstered cybersecurity measures to safeguard against ransomware-induced disruptions and protect industrial control systems.

References:
  • Focus on DroxiDat/SystemBC
Tags: AfricaAugust 2023Cyber incidentCyber Incidents 2023CyberattackCybersecurityDroxiDatMalwarePower IndustryRansomwareSystemBCVulnerabilities
ADVERTISEMENT

Related Posts

Spanish Consumer Group Faces Cyberattack

LockBit Ransomware Data Leaked After Hack

May 9, 2025
Spanish Consumer Group Faces Cyberattack

Education Giant Pearson Hit by Data Breach

May 9, 2025
Spanish Consumer Group Faces Cyberattack

Spanish Consumer Group Faces Cyberattack

May 9, 2025
Masimo Cyberattack Disrupts Manufacturing

Masimo Cyberattack Disrupts Manufacturing

May 8, 2025
Masimo Cyberattack Disrupts Manufacturing

West Lothian Schools Hit by Ransomware

May 8, 2025
Masimo Cyberattack Disrupts Manufacturing

Cyberattack Targets Tepotzotlán Facebook

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial