In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Terrorism and cyber attack warning as 25 biggest threats facing Ireland revealed
August 3, 2023
Ireland faces an increased threat from terrorism and cyber-attacks – because we spend so little money on defence, the government has admitted. This year’s national risk assessment also finds that Ireland faces 25 different potential threats – from terrorism to financial instability, as well as climate change, AI and even housing problems. Read more… Source: Irish Mirror
- Cyberattacks targeting utility firms at ‘alarmingly high levels’
August 2, 2023
Utility firms such as electricity providers have become the new frontier for cyberattacks, reaching “alarmingly high levels” last year, the International Energy Agency (IEA) has warned. Russia’s invasion of Ukraine gave fresh impetus to cyber criminals to attack electricity grids and demand ransoms from energy companies scarcely able to defend themselves due to a cybersecurity ...
- Transcending Silos: Improving Collaboration Between Threat Intelligence and Cyber Risk
August 2, 2023
Cyber Threat Intelligence (CTI) and risk management have emerged as distinct disciplines, yet they share many similarities in their mission. Both approaches inform decision-making by providing high-quality insight on the most relevant threats and risks impacting organizations. Although risk and CTI teams approach this challenge from different vantage points, their underlying shared mission creates exciting ...
- Midnight Blizzard conducts targeted social engineering over Microsoft Teams
August 2, 2023
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM). This latest attack, combined with past activity, further demonstrates Midnight Blizzard’s ongoing execution of their objectives using both new and common ...
- Sha zhu pan scam uses AI chat tool to target iPhone and Android users
August 2, 2023
Over the past two years, we have been tracking a variety of scams targeting mobile device users, generally referred to as “shā zhū pán” (杀猪盘, which translates as “butcher plate”) or “Pig Butchering.” This includes a category we labelled as “CryptoRom” when we initially investigated it in 2020, because of its two distinguishing characteristics—a focus on ...
- CISA and International Partner NCSC-NO Release Joint Cybersecurity Advisory on Threat Actors Exploiting Ivanti EPMM Vulnerabilities
August 1, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) have released a joint Cybersecurity Advisory (CSA), Threat Actors Exploiting Ivanti EPMM Vulnerabilities, in response to the active exploitation of CVE-2023-35078 and CVE-2023-35081 affecting Ivanti Endpoint Manager Mobile (EPMM) (formerly known as MobileIron Core). Threat actors can chain these vulnerabilities to ...