In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Luna Moth Callback Phishing Campaign
November 21, 2022
Unit 42 investigated several incidents related to the Luna Moth/Silent Ransom Group callback phishing extortion campaign targeting businesses in multiple sectors including legal and retail. This campaign leverages extortion without encryption, has cost victims hundreds of thousands of dollars and is expanding in scope. By design, this style of social engineering attack leaves very few artifacts ...
- New ransomware encrypts files, then steals your Discord account
November 20, 2022
The new ‘AXLocker’ ransomware family is not only encrypting victims’ files and demanding a ransom payment but also stealing the Discord accounts of infected users. When a user logs into Discord with their credentials, the platform sends back a user authentication token saved on the computer. This token can then be used to log in as ...
- More than 17 million control system cyber incidents are hidden in plain sight
November 18, 2022
Control system cyber incidents are more plentiful and impactful than most observers expect – more than 17 million directly resulting in more than 34,000 deaths. While there have been more than 1,200 electric grid cyber-related incidents, that doesn’t adequately reflect the true impact on customers and the economy. The majority of the 17 million-plus control ...
- Vanuatu: Hackers strand Pacific island government for over a week
November 18, 2022
Vanuatu’s government has been knocked offline for more than 11 days after a suspected cyber-attack on servers in the country. The hack has disabled the websites of the Pacific island’s parliament, police and prime minister’s office. It has also taken down the email system, intranet and online databases of schools, hospitals and other emergency services as well ...
- Smarter, Not Harder: How to Intelligently Prioritize Attack Surface Risk
November 18, 2022
There’s a common saying in cyber security, “you can’t protect what you don’t know,” and this applies perfectly to the attack surface of any given organization. Many organizations have hidden risks throughout their extended IT and security infrastructure. Whether the risk is introduced by organic cloud growth, adoption of IoT devices, or through mergers and acquisitions, ...
- Earth Preta Spear-Phishing Governments Worldwide
November 17, 2022
Trend Micro researchers have been monitoring a wave of spear-phishing attacks targeting the government, academic, foundations, and research sectors around the world. Based on the lure documents researchers observed in the wild, this is a large-scale cyberespionage campaign that began around March. After months of tracking, the seemingly wide outbreak of targeted attacks includes but ...