Unknown threat actor targets U.S. aerospace industry with advanced PowerShell-based malware, PowerDrop

Cybersecurity researchers have discovered an unknown threat actor targeting US Aerospace companies with a new form of highly advanced cybersecurity threat – a PowerShell-based malware called PowerDrop. The actor behind this malware has been using advanced techniques such as deception, encoding, and encryption to evade initial detection and access victim networks.

Experts have analyzed the code and found that the name “PowerDrop” comes from the tool used to create the script – Windows PowerShell, and the code for padding – “Drop” (DRP). This indicates that the attackers are likely advanced and have significant knowledge of scripting and coding.

Attackers are using this malware as a post-exploitation tool to gather information from victim networks after obtaining initial access through other means. They use the network’s own defenses, such as existing access privileges, to act as a cover for their offensive actions and further improve their ability to infiltrate and compromise the target system.

To hide their activity and evade detection, PowerDrop uses advanced techniques such as employing ICMP echo request messages as beacons to initiate communication with the command-and-control (C2) server. This message is then responded to by the server with an encrypted command that is decoded and run on the compromised host. A similar ICMP ping message is used for exfiltrating the results of the instruction.

The malware also executes the PowerShell command by means of the Windows Management Instrumentation (WMI) service, indicating the adversary’s attempts to leverage living-off-the-land tactics to sidestep detection. Through this method, the attackers can execute commands with lower friction. However, it may also provide clues that enable security researchers to identify and track them.

While the core DNA of the threat is not particularly sophisticated, its ability to obfuscate suspicious activity and evade detection by endpoint defenses indicates the involvement of more sophisticated threat actors. Security experts believe that the actor behind PowerDrop may have significant resources, knowledge, and access, suggesting links to an organized cybercriminal group or even a nation-state.

The attack on the US aerospace industry comes amid increasing concerns about the vulnerability of critical infrastructure to cyberattacks. Cybercriminals and nation-states are increasing their offensive cybersecurity activities, targeting strategic industries like energy, manufacturing, healthcare, and defense. They are using advanced techniques and tactics like this latest PowerDrop malware to bypass sophisticated cyber defenses and infiltrate even the most secure systems.

Mark Sangster, Vice President of Strategy at Adlumin, commented, “The use of living-off-the-land tactics is a common approach taken by cybercriminals to fly under the radar of existing endpoint defenses. While not a sophisticated form of malware, it is still capable of executing multiple commands on a single host and compromising a network. Unfortunately, once intruders have gained access to a network, it is difficult to detect what happens next.”

The cybersecurity community continues to call for organizations to strengthen their cybersecurity posture and take proactive steps to secure their networks against increasingly advanced threats. This includes implementing multi-layered security measures and actively monitoring and testing existing defenses to identify and address vulnerabilities before they can be exploited. It is only by remaining vigilant and taking a comprehensive approach to cybersecurity that organizations can hope to keep pace with the rapidly evolving threat landscape and ensure the safety and security of their data, networks, and customers.

Explore more

Compliance Drives Regulated B2B Influencer Marketing in 2026

The shifting landscape of digital authority has fundamentally transformed how enterprise-level organizations engage with industry experts and thought leaders across global markets. As the professional world moves deeper into this period of technological saturation, the superficial tactics of the past have been replaced by a rigorous commitment to transparency and legal precision. In earlier years, the simple inclusion of a

Transforming Voice of the Customer Into Predictive Action

Corporate boardrooms often overflow with real-time dashboards and complex analytics, yet many organizations still find themselves blindsided by sudden shifts in customer loyalty and market demand. While the technology to capture feedback has become ubiquitous, the structural ability to interpret and act upon that data in a meaningful timeframe remains remarkably rare for the average enterprise. Most traditional systems are

How Will Databricks CustomerLake Redefine Agentic Marketing?

The ongoing evolution of the digital landscape has forced a radical reconsideration of how enterprises capture, process, and ultimately utilize the vast oceans of consumer data generated every second of the day. Modern marketing departments have long struggled with the paradox of having too much information but not enough actionable insight to drive meaningful consumer interactions in real time. The

How Can Small Banks Compete With Global Financial Giants?

Nikolai Braiden has seen the evolution of financial architecture from its early blockchain roots to the current wave of institutional modernization, and today he joins us to dissect a pivotal shift in venture capital. With BankTech Ventures recently deploying $15 million into AI and stablecoin solutions, the landscape for regional banking is undergoing a profound transformation. Braiden’s perspective as an

Bullski Presale Tops the List of Best Meme Coins for 2026

The current cryptocurrency market in 2026 has transitioned into a highly sophisticated arena where institutional standards and community-driven viral momentum converge to create unique financial opportunities. Investors are no longer satisfied with speculative assets lacking fundamental safeguards, leading to a significant shift toward projects that prioritize technical transparency and structured growth. In this evolving landscape, the Bullski presale has emerged