{"id":639,"date":"2024-05-09T06:20:54","date_gmt":"2024-05-09T06:20:54","guid":{"rendered":"https:\/\/xdr-mdr.lmntrix.com\/main_web\/?p=639"},"modified":"2025-07-28T08:24:44","modified_gmt":"2025-07-28T08:24:44","slug":"powerdrop-new-powershell-malware-targeting-us-aerospace-industry","status":"publish","type":"post","link":"https:\/\/lmntrix.com\/blog\/powerdrop-new-powershell-malware-targeting-us-aerospace-industry\/","title":{"rendered":"PowerDrop \u2013 New PowerShell Malware Targeting US Aerospace Industry"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/lmntrix.com\/blog\/wp-content\/uploads\/2024\/05\/PowerDrop.webp\" alt=\"\" style=\"width:761px;height:auto\"\/><\/figure>\n\n\n\n<p>A new PowerShell malware is on the loose, targeting the US aerospace defense industry, and the sneaky threat actor is still at large!<\/p>\n\n\n\n<p>Dubbed \u201cPowerDrop,\u201d this malware was spotted by the cybersecurity heroes at Adlumin. They stumbled upon it in the network of a defense contractor, using their super machine learning skills to sniff out this nasty piece of code.<\/p>\n\n\n\n<p>PowerDrop is no ordinary malware; it\u2019s got some fancy moves up its sleeve! By using PowerShell and Windows Management Instrumentation (WMI), it\u2019s pulling off advanced techniques to stay hidden in the shadows. This tricky malware is like a sneaky post-exploitation ninja, collecting sensitive info from its victim\u2019s network once it\u2019s got its foot in the door.<\/p>\n\n\n\n<p>Analysts suspect that PowerDrop slithers into its target\u2019s network through phishing emails or devious spoofed download sites. Sneaky and clever, right?<\/p>\n\n\n\n<p>Who\u2019s behind this sinister attack? 
The threat actor remains a mystery, but the analysts think it\u2019s probably one of those state-sponsored advanced persistent threat (APT) groups.<\/p>\n\n\n\n<p>The use of PowerShell in cyberattacks has been on the rise, thanks to its ability to cook up scripts that can slip right under the radar of common computing environments. It\u2019s like the malware equivalent of a chameleon, blending right in!<\/p>\n\n\n\n<p>We don\u2019t know the full impact of this attack yet, but the good news is, there\u2019s no evidence of initial compromise or data theft as of now.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">LMNTRIX Perspective<\/h3>\n\n\n\n<p>The increased use of scripting languages that aid cybercriminals in their attacks should keep organizations vigilant and aware of how configuration management programs are used within their Windows environments.<\/p>\n\n\n\n<p>This is especially the case for organizations within the aerospace defense industry, as they have been the main target of these attacks. 
Since the point of entry for these attacks has been identified as phishing emails and spoofed download sites, organizations should assess their security awareness and user training to ensure their programs and campaigns cover the latest threats, in order to prevent and mitigate user risk.<\/p>\n\n\n\n<p>Conducting periodic vulnerability scans on Windows systems would also ensure that any vulnerabilities are identified early on and patched accordingly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Recommendations<\/h3>\n\n\n\n<p>Conduct and maintain vulnerability scans on Windows systems and perform periodic patching.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-powerdrop-powershell-malware-targets-us-aerospace-industry\/\" target=\"_blank\" rel=\"noopener\">Bleeping Computer<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/thehackernews.com\/2023\/06\/new-powerdrop-malware-targeting-us.html\" target=\"_blank\" rel=\"noopener\">The Hacker News<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.secureworld.io\/industry-news\/powerdrop-cyber-threat-aerospace-industry\" target=\"_blank\" rel=\"noopener\">SecureWorld<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cyware.com\/news\/new-powerdrop-malware-targets-us-aerospace-industry-146aa0d1\" target=\"_blank\" rel=\"noopener\">Cyware<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>A new PowerShell malware is on the loose, targeting the US aerospace defense industry, and the sneaky threat actor is still at large! Dubbed &ldquo;PowerDrop,&rdquo; this malware was spotted by the cybersecurity heroes at Adlumin. 
They stumbled upon it in the network of a defense contractor, using their super machine learning skills to sniff out [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":642,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-639","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/639","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/comments?post=639"}],"version-history":[{"count":2,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/639\/revisions"}],"predecessor-version":[{"id":4002,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/639\/revisions\/4002"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media\/642"}],"wp:attachment":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media?parent=639"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/categories?post=639"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/tags?post=639"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}