An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack.
“The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a south African nation’s critical infrastructure,” Kurt Baumgartner, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT), said.
The Russian cybersecurity company said the attack, which took place in late March 2023, was in its early stages and involved the use of DroxiDat to profile the system and proxy network traffic using the SOCKS5 protocol to and from command-and-control (C2) infrastructure.
