New SystemBC Malware Variant Targets Southern African Power Company
An unknown threat actor has been linked to a cyber attack on a power generation company in South Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack.
The use of SystemBC as a conduit for ransomware attacks has been documented in the past.
In December 2020, Sophos revealed ransomware operators' reliance on SystemBC RAT as an off-the-shelf Tor backdoor for Ryuk and Egregor infections.
"SystemBC is an attractive tool in these types of operations because it allows for multiple targets to be worked at the same time with automated tasks, allowing for hands-off deployment of ransomware using Windows built-in tools if the attackers gain the proper credentials," the company said at the time.
The identity of the threat actors behind the wave of attacks is currently unknown, although existing evidence points to the likely involvement of Russian ransomware groups, specifically FIN12, which is known to drop SystemBC alongside Cobalt Strike Beacons before deploying ransomware.
"Ransomware will continue to disrupt industrial operations, whether through the integration of operational technology kill processes into ransomware strains, flattened networks allowing ransomware to spread into OT environments, or precautionary shutdowns of production by operators to prevent ransomware from spreading to industrial control systems," the company assessed with high confidence.
News URL: https://thehackernews.com/2023/08/new-systembc-malware-variant-targets.html