DroxiDat: South Africa’s Energy Battle

By Esme Greene

Sep 6, 2023

In South Africa, an energy firm was attacked by unidentified hackers deploying DroxiDat, a newly evolved variant of the SystemBC malware. Kaspersky GReAT specialists suspect the intrusion may have been preliminary preparation for a ransomware attack.

Emerging Threats: DroxiDat Malware Unleashed by Attackers in Early 2023

Kaspersky GReAT analysts determined that the attack, which occurred in late March 2023, was still in its early stages. The attackers used DroxiDat to profile the compromised systems and to route network traffic through a SOCKS5 proxy for command and control (C2).

Written in C/C++, SystemBC emerged in 2019 as a tool for installing proxies on victim computers, masking the hackers' activities behind the infected host.

Kaspersky Lab reported that DroxiDat has been linked to healthcare-related incidents involving Nokoyawa ransomware alongside Cobalt Strike. DroxiDat is simpler than SystemBC: it is limited to gathering system data, forwarding it to a remote server, and modifying the registry. Unlike SystemBC, DroxiDat cannot download or launch additional payloads.

First seen in February 2022, Nokoyawa ransomware targets 64-bit Windows systems and carries out double-extortion attacks: sensitive data is stolen from the compromised network, and the attackers threaten to publish it unless a ransom is paid.

Notably, SystemBC and Cobalt Strike have been used together in prior attacks on medical and financial institutions in the US, UK, and Australia. The threat actors move quickly, infiltrating networks and obtaining elevated privileges within as little as four hours.

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.