Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime

Suspected Nation-State Actors Target US Aerospace Industry

PowerDrop Malware Is Simple But Sophisticated
Suspected Nation-State Actors Target US Aerospace Industry
Image: Shutterstock

Suspected nation-state hackers are using malware that researchers say straddles the line between off-the-shelf and advanced tactics in order to target the U.S. aerospace industry.

See Also: Panel | Cyberattacks Are Increasing — And Cyber Insurance Rates Are Skyrocketing

The malware is a PowerShell and Windows Management Instrumentation remote access tool that uses a network-level internet protocol typically used for error reporting as a trigger for the command-and-control server, said researchers from Adlumin.

Adlumin dubs the malware PowerDrop. It's hardly the first malware to use PowerShell or WMI to establish persistence, company researchers said in Tuesday blog post.

"While the core DNA of the threat is not particularly sophisticated, its ability to obfuscate suspicious activity and evade detection by endpoint defenses smacks of more sophisticated threat actors. The fact it targeted an aerospace contractor only confirms the likelihood of nation-state aggressors," said Adlumin executive Mark Sangster.

The company said it found the malware on the network of a U.S. aerospace defense contractor in May. Adlumin researchers did not identify the threat actor but suspect nation-state aggressors.

The malware can identify valuable information on the victim's system and, if needed, perform additional operations such as sending screen captures and system information to the hackers' command-and-control server.

The malware likely uses a previously known exploit - such as a phishing email or drive-by download - to gain initial access to the victim's computer. The PowerShell script is then executed by WIM.

The malware uses Internet Control Message Protocol echo request messages to trigger the command-and-control server as well as to exfiltrate data.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.