In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Lastpass says hackers accessed customer data in new breach
November 30, 2022
LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both ...
- New details on commercial spyware vendor Variston
November 30, 2022
Threat Analysis Group (TAG) has been tracking the activities of commercial spyware vendors for years, using our research to improve the safety and security of Google’s products and share intelligence with our industry peers. TAG’s research underscores that the commercial surveillance industry is thriving and has expanded significantly in recent years, creating risk for Internet ...
- All India Institute of Medical Sciences restores e-Hospital data after cyber attack
November 30, 2022
The server at the All India Institute of Medical Sciences (AIIMS) in Delhi has been down for the eighth day in a row, and according to reports, more analysts from Delhi are under consideration for suspension for cybersecurity violations after two of them were already suspended. According to the sources quoted by the report, “The sanitising ...
- Crafty threat actor uses ‘aged’ domains to evade security platforms
November 30, 2022
A sophisticated threat actor named ‘CashRewindo’ has been using ‘aged’ domains in global malvertising campaigns that lead to investment scam sites. Malvertising involves the injection of malicious JavaScript code in digital ads promoted by legitimate advertising networks, taking website visitors to pages that host phishing forms, drop malware, or operate scams. The CashRewindo malvertising campaigns are spread ...
- Cloudflare finds a way through China’s network defences
November 30, 2022
Cloudflare has found a way to extend some of its services across the Great Firewall and into mainland China. “Performance and reliability for traffic flows across the mainland China border have been a consistent challenge for IT teams within multinational organizations,” wrote product managers Kyle Krum and Annika Garbers. “Packets crossing the China border often experience ...
- Trigona ransomware spotted in increasing attacks worldwide
November 29, 2022
A previously unnamed ransomware has rebranded under the name ‘Trigona,’ launching a new Tor negotiation site where they accept Monero as ransom payments. Trigona has been active for some time, with samples seen at the beginning of the year. However, those samples utilized email for negotiations and were not branded under a specific name. As discovered by ...