In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Exploring the Inner Workings of DuckTail
August 30, 2023
In their persistent quest to decode DuckTail’s maneuvers, Zscaler ThreatLabz began an intelligence collection operation in May 2023. Through an intensive three-month period of monitoring, Zscaler researchers obtained critical details about DuckTail’s operational framework. This expedition granted them unprecedented visibility into DuckTail’s end-to-end operations, spanning the entire kill chain from reconnaissance to post-compromise. Zscaler team yielded valuable ...
- Multiple Threats Target Adobe ColdFusion Vulnerabilities
August 30, 2023
This past July, Adobe responded to reports of exploits targeting pre-authentication remote code execution (RCE) vulnerabilities in their ColdFusion solution by releasing a series of security updates: APSB23-40, APSB23-41, and APSB23-47. An in-depth analysis of those exploits has been documented by Project Discovery, including a significant vulnerability in the WDDX deserialization process within Adobe ColdFusion ...
- Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
August 29, 2023
On June 15, 2023, Mandiant released a blog post detailing an 8-month-long global espionage campaign conducted by a Chinese-nexus threat group tracked as UNC4841. Over the course of this follow up blog post, Mandiant researchers will detail how UNC4841 has continued to show sophistication and adaptability in response to remediation efforts. Specifically, UNC4841 deployed new and ...
- For the win? Offensive research contests on criminal forums
August 29, 2023
If you’re a security researcher who wants to share your innovations and insights with the wider community (and gain some peer recognition into the bargain), you’ve got a few options: present at conferences; write papers, blogs etc. The legitimate side of the house is awash with opportunities. But what if you’re a threat actor, whose research ...
- CISA Releases IOCs Associated with Malicious Barracuda Activity
August 29, 2023
CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances. Read more… Source: U.S. Cybersecurity and Infrastructure ...
- Deconstructing ransomware, cybercriminals and their modus operandi
August 29, 2023
The problem of ransomware is a seemingly age-old problem that is not going away, at least not any time soon. Governments and law enforcement are banding together to try to battle this issue with financial sanctions and takedowns of the groups behind ransomware attacks but they’re like the mythical beast Hydra – take the head ...