In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Supply Chain Attack Against 3CXDesktopApp
March 30, 2023
CISA is aware of open-source reports describing a supply chain attack against 3CX software and their customers. According to the reports, 3CXDesktopApp — a voice and video conferencing app — was trojanized, potentially leading to multi-staged attacks against users employing the vulnerable app. CISA urges users and organizations to review the following reports for more information, ...
- Millions of Australians Caught Up in Cyber Attacks
March 29, 2023
One of Australia’s biggest property companies said Wednesday it had been hit by cybercriminals who may have stolen data about staff and guests. Staff members at Meriton, a large Australian property business, were warned Wednesday that cybercriminals may have accessed details of their bank accounts and details of their salaries, disciplinary history and performance appraisals. Read more… Source: ...
- Financial cyberthreats in 2022
March 29, 2023
Financial gain remains the key driver of cybercriminal activity. In the past year, we’ve seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats – such as banking malware and financial phishing, continue to take up a ...
- Copy-paste heist or clipboard-injector attacks on cryptousers
March 28, 2023
It is often the case that something new is just a reincarnation of something old. Kaspersky reasearchers have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting from September 2022. Although they have written about a similar malware attack in 2017 in one of our blogposts, the technique is still ...
- To pay or not to pay – that’s the question as ransomware attacks rise
March 28, 2023
There is rarely a day that goes by when there isn’t a major local, national or international story about a well know organisation being hit by a cyber attack that has huge potential to disrupt the business and damage their brand. In the past few weeks alone we’ve seen Eurovision fans in a panic after Booking.com ...
- APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations
March 28, 2023
Mandiant researchers released a report on APT43, a prolific threat actor operating on behalf of the North Korean regime that they have observed engaging in cybercrime as a way to fund their espionage operations. According to Mandiant they track tons of activity throughout the year, but don’t always have enough evidence to attribute it to a ...