Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

DroxiDat Malware Hits Power Company

August 14, 2023
Reading Time: 2 mins read
in Incidents
DroxiDat Malware Hits Power Company

An unidentifiable threat actor has emerged in the realm of cybersecurity, orchestrating a targeted cyber attack on a power generation company in southern Africa. The assailant employed a novel iteration of the SystemBC malware, known as DroxiDat, which has raised suspicions of an imminent ransomware assault.

The attack occurred in late March 2023 and was characterized by the deployment of DroxiDat, working in tandem with Cobalt Strike Beacons, to infiltrate a critical infrastructure of a South African nation.

Kaspersky’s Global Research and Analysis Team (GReAT) shed light on the situation, indicating that the attack was in its preliminary stages and leveraged DroxiDat to profile the victim’s system and facilitate the proxying of network traffic through the SOCKS5 protocol to and from command-and-control (C2) infrastructure.

SystemBC, a C/C++-based malware and remote administrative tool, originated in 2019 and was primarily designed to set up SOCKS5 proxies on compromised systems, which can be utilized by threat actors for malicious traffic redirection. The malware’s recent variants also exhibit capabilities for downloading and executing additional payloads.

The multifaceted nature of SystemBC has previously been exploited as a conduit for ransomware operations, as demonstrated by its use in Ryuk and Egregor infections. DroxiDat, linked to a healthcare-related incident, found itself associated with ransomware deployment alongside Cobalt Strike in a similar timeframe. This emerging malware variant showcases a streamlined and compact design compared to SystemBC, serving as a proficient system profiler while exfiltrating gathered data to a remote server. The identity of the malevolent actors behind these attacks remains unknown, yet indications suggest the potential involvement of Russian ransomware groups like FIN12 (Pistachio Tempest), recognized for deploying SystemBC alongside Cobalt Strike to unleash ransomware campaigns.

Amid this evolving cyber threat landscape, industrial organizations have witnessed a surge in ransomware attacks targeting their critical infrastructures. According to Dragos, the number of such attacks doubled between the second quarter of 2022 and Q2 2023, rising from 125 incidents to 253.

This surge underscores the pressing need for bolstered cybersecurity measures to safeguard against ransomware-induced disruptions and protect industrial control systems.

References:
  • Focus on DroxiDat/SystemBC
Tags: AfricaAugust 2023Cyber incidentCyber Incidents 2023CyberattackCybersecurityDroxiDatMalwarePower IndustryRansomwareSystemBCVulnerabilities
ADVERTISEMENT

Related Posts

Tiffany & Co. Faces Data Breach Incident

Migos IG Hack Blackmails Solana Cofounder

May 28, 2025
Tiffany & Co. Faces Data Breach Incident

Tiffany & Co. Faces Data Breach Incident

May 28, 2025
Tiffany & Co. Faces Data Breach Incident

MathWorks Crippled by Ransomware Attack

May 28, 2025
Semiconductor Firm AXT Hit by Data Breach

Adidas Data Breach Exposes Customer Contacts

May 27, 2025
Everest Ransomware Leaks Coke Staff Data

Everest Ransomware Leaks Coke Staff Data

May 27, 2025
Semiconductor Firm AXT Hit by Data Breach

Semiconductor Firm AXT Hit by Data Breach

May 27, 2025

Latest Alerts

Microsoft Void Blizzard Cyber Threat Alert

Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

FBI Warns Luna Moth Targets US Law Firms

Winos 4.0 Malware Spread Via Fake Installers

GhostSpy Android Malware Full Device Control

Subscribe to our newsletter

    Latest Incidents

    Migos IG Hack Blackmails Solana Cofounder

    Tiffany & Co. Faces Data Breach Incident

    MathWorks Crippled by Ransomware Attack

    Everest Ransomware Leaks Coke Staff Data

    Adidas Data Breach Exposes Customer Contacts

    Semiconductor Firm AXT Hit by Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial