In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Cyberattack on food giant Dole, temporarily shuts down North American production
February 23, 2023
Produce giant Dole was forced to temporarily shut down its production plants in North America and halt food shipments to grocery stores after being targeted in a cyberattack. The previously unreported hack, which a source familiar with the incident said was ransomware, led some grocery shoppers to complain on Facebook in recent days that store shelves ...
- Telus investigating sale of alleged code, employee information
February 23, 2023
Someone on a criminal forum is selling what they claim is data on all Telus employees, as well as the Canadian telecommunications company’s GitHub software code repositories. In response to an IT World Canada reporter’s query about the posting, Telus director of public affairs Richard Gilhooley said the company is looking into the allegation. Read more… Source: IT ...
- European Commission bans TikTok from employees’ phones
February 23, 2023
The Commission said in a statement that all its employees will have to comply by March 15. This measure aims “to protect the Commission against cybersecurity threats and actions which may be exploited for cyber-attacks against the corporate environment of the Commission,” the statement said. “The security developments of other social media platforms will also be kept ...
- Datacenters in China, Singapore cracked by crims who then targeted tenants
February 23, 2023
Criminals have targeted datacenter operators in Singapore and China, tapping into their CCTV cameras, accessing their tenant lists and then attacking those customers. That’s the scary scenario outlined by infosec vendor Resecurity, which has detailed malicious campaigns said to have started in 2021 but became apparent earlier this month when info dumps were teased on the ...
- Russian malware dev behind NLBrute hacking tool extradited to US
February 23, 2023
A Russian malware developer accused of creating and selling the NLBrute password-cracking tool was extradited to the United States after being arrested in the Republic of Georgia last year on October 4. Also known as dpxaker, Dariy Pankov is now charged with access device fraud and computer fraud and faces a maximum sentence of 47 years ...
- Hydrochasma: Previously unknown group targets medical and shipping organizations in Asia
February 22, 2023
Shipping companies and medical laboratories in Asia are being targeted in a likely intelligence-gathering campaign that relies exclusively on publicly available and living-off-the-land tools. Hydrochasma, the threat actor behind this campaign, has not been linked to any previously identified group, but appears to have a possible interest in industries that may be involved in COVID-19-related treatments ...