In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- CISA Releases Malware Analysis Reports on Barracuda Backdoors
July 28, 2023
CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited ...
- Kenya reports cyber attacks causing government system outages
July 28, 2023
Cyber attackers targeted a digital platform used by Kenya’s government to deliver services, the country’s technology minister said, highlighting the vulnerabilities of the system. The attack on the e-Citizen platform in recent days caused system outages that left users unable to access a broad range of government services, ranging from passport applications to electricity payments. Some ...
- Anomaly detection in certificate-based TGT requests
July 28, 2023
One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center (KDC) into granting access to the target company’s network. An example of such an attack is the Shadow Credentials technique, which lets an attacker ...
- California: City of Hayward says computer network restored 2 weeks after cyberattack discovered
July 27, 2023
Officials in the city of Hayward announced that the city’s internal computer network has been restored following a ransomware attack that took systems down earlier this month. In a statement Thursday, city officials said the network was brought back on Tuesday, more than two weeks after the cyberattack was first discovered. “The restored network ties together ...
- CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
July 27, 2023
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing a joint Cybersecurity Advisory (CSA), Preventing Web Application Access Control Abuse, to warn vendors, designers, developers, and end-user organizations of web applications about insecure direct object reference (IDOR) vulnerabilities. These vulnerabilities are ...
- A Tale of Two Cities’ water attacks
July 27, 2023
There have been more than 130 control system cyber incidents in water/wastewater utilities. Like Oldsmar and Discovery Bay, most of these incidents have occurred in small water utilities. Many of these incidents were not publicly disclosed, nor were the utilities required to disclose these incidents. Additionally, some of the real cases that were made public were ...