Threat Intelligence

Nascent PowMix botnet covertly compromises Czech workforce

botnet computer virus red background

Newly emergent PowMix botnet has been leveraging randomized command-and-control beaconing intervals to stealthily compromise the Czech Republic's workforce in an attack campaign that has been underway since December, The Hacker News reports.

Attackers may have used a phishing email to deliver an illicit ZIP file containing an LNK file that deploys a PowerShell loader that extracts, decrypts, and executes the PowMix botnet in memory, according to a Cisco Talos report. Apart from enabling remote access, reconnaissance, and persistence, PowMix also facilitates the remote execution of commands for self-deletion and C2 migration, while tapping compliance-themed lures to distract targets.

With its usage of ZIP-based payload distribution, scheduled task persistence, and Heroku exploitation for C2, the PowMix campaign was noted by Cisco Talos researchers to be akin to the earlier ZipLine campaign reported by Check Point analysts. Such findings come as the RondoDox botnet was disclosed by Bitsight researchers to have evolved to integrate XMRig cryptocurrency mining capabilities.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds