The SOC files: Rumble in the jungle or APT41’s new target in Africa

SecureList

This is a Chinese-speaking cyberespionage group known for targeting organizations across multiple sectors, including telecom and energy providers, educational institutions, healthcare organizations and IT energy companies in at least 42 countries. They distributed the tool as an encrypted file, typically with a TXT or INI extension.

How Cobalt Strike Became a Favorite Tool of Hackers

eSecurity Planet

Cobalt Strike’s Command and Control protocol can use DNS-based communication, which is considerably harder to detect than classic HTTP traffic. It is a clever way to hide malicious instructions in DNS records using an obfuscation algorithm the Beacon can decode. While that’s true, it requires time, effort, and energy.

IT threat evolution Q3 2023

SecureList

DroxiDat, a lean variant of SystemBC that acts as a system profiler and simple SOCKS5-capable bot, was detected at an electric utility company. The C2 (command and control) infrastructure for the incident involved an energy-related domain, ‘powersupportplan[.]com’, that resolved to an already suspicious IP host.

The State of Blockchain Applications in Cybersecurity

eSecurity Planet

Among their advantages, private blockchains are more scalable and energy-efficient, with suggested use cases in banking and supply chain management. Since the 1970s, Public Key Infrastructure (PKI) has offered encryption, authentication, bootstrapping, and digital signatures to secure digital communications. DDoS: Overwhelming the Network.

IT threat evolution Q3 2021

SecureList

We have seen targeted attacks exploiting the vulnerability to target companies in research and development, the energy sector and other major industries, banking, the medical technology sector, as well as telecoms and IT. That library was then loaded by the legitimate MsMpEng.exe by utilizing the DLL side-loading technique.

China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures

Security Boulevard

Uses AES/ECB encryption to receive and return data in encrypted form, evading network-based detection. Likely used as a fallback shell if the encrypted channel fails or is blocked. This assessment is based on overlaps in post-exploitation tactics, such as using the ping command for DNS beaconing, and on shared infrastructure.