United States: Ankura CTIX FLASH Update - June 6, 2023

Malware Activity

U.S. Aerospace Contractor Attacked with New PowerShell-based Malware “PowerDrop”

The U.S. aerospace defense industry has been targeted by a new PowerShell-based malware script known as “PowerDrop.” Adlumin discovered it on a U.S. defense contractor’s network in May 2023. PowerDrop is executed by Windows Management Instrumentation (WMI) through WMI event filters and consumers named “SystemPowerManager,” which the malware itself creates using the “wmic.exe” command-line application. Although WMI is typically used by legitimate users to leverage PowerShell on remote or local computers, it is also commonly used to execute […]
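A host can be checked for the WMI subscription described above with the following PowerShell sketch. It is an added example, not code from Ankura or Adlumin. It inventories permanent WMI event filters, consumers and bindings and flags any named “SystemPowerManager”. The `root/subscription` namespace and the output column names are assumptions made for this example.

```powershell
# Added example: inventory permanent WMI event subscriptions and flag the
# name reported in the article. Reading this namespace typically needs an
# elevated session.
$Namespace = 'root/subscription'   # assumption: namespace is not stated in the article
$Reported  = 'SystemPowerManager'  # filter/consumer name given in the article

$filters   = Get-CimInstance -Namespace $Namespace -ClassName __EventFilter
$consumers = Get-CimInstance -Namespace $Namespace -ClassName __EventConsumer
$bindings  = Get-CimInstance -Namespace $Namespace -ClassName __FilterToConsumerBinding

$report = @(
    foreach ($f in $filters) {
        [pscustomobject]@{
            Kind   = 'Filter'
            Class  = $f.CimClass.CimClassName
            Name   = $f.Name
            Detail = $f.Query                     # WQL query that triggers the consumer
            Match  = ($f.Name -eq $Reported)      # -eq is case-insensitive
        }
    }
    foreach ($c in $consumers) {
        # Only some consumer classes carry a command line or script body;
        # a missing property simply evaluates to $null here.
        $detail = $c.CommandLineTemplate
        if (-not $detail) { $detail = $c.ScriptText }
        [pscustomobject]@{
            Kind   = 'Consumer'
            Class  = $c.CimClass.CimClassName
            Name   = $c.Name
            Detail = $detail
            Match  = ($c.Name -eq $Reported)
        }
    }
    foreach ($b in $bindings) {
        # Filter and Consumer are references whose key property is Name.
        [pscustomobject]@{
            Kind   = 'Binding'
            Class  = $b.CimClass.CimClassName
            Name   = "$($b.Filter.Name) -> $($b.Consumer.Name)"
            Detail = $null
            Match  = ($b.Filter.Name -eq $Reported -or $b.Consumer.Name -eq $Reported)
        }
    }
)

# Full inventory first, then only the entries carrying the reported name.
$report | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
$hits = @($report | Where-Object Match)
if ($hits.Count -gt 0) {
    Write-Warning "$($hits.Count) WMI subscription object(s) named '$Reported' found."
}
```

Because the name can be changed trivially, the full inventory is worth reviewing even when nothing matches.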

Click here to visit source. www.mondaq.com


By Donato