In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- #StopRansomware: Hive Ransomware
November 17, 2022
As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments, according to FBI information. Hive ransomware follows the ransomware-as-a-service (RaaS) model in which developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks. From June 2021 through at least November 2022, threat ...
- CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain
November 17, 2022
Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series – Recommended Practices Guide for Customers. This publication follows the August 2022 release of guidance for developers and October 2022 ...
- QBot phishing abuses Windows Control Panel EXE to infect devices
November 17, 2022
Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software. DLL hijacking is a common attack method that takes advantage of how Dynamic Link Libraries (DLLs) are loaded in Windows. When a Windows executable is launched, ...
- Get a Loda This: LodaRAT meets new friends
November 17, 2022
Since their first blog post in February of 2020 on the remote access tool (RAT) known as LodaRAT (or Loda), Cisco Talos has monitored its activity and covered their findings in subsequent blog posts. As a continuation of this series, this blog post details new variants and new behavior Cisco Talos researchers have observed while monitoring ...
- CISA Releases Two Industrial Control Systems Advisories
November 17, 2022
CISA has released two (2) Industrial Control Systems (ICS) advisories on November 17, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-321-01 Red Lion Crimson ICSA-22-321-02 Cradlepoint IBR600 Read more… Source: U.S. Cybersecurity and Infrastructure Security ...
- DEV-0569 finds new ways to deliver Royal ransomware, various payloads
November 17, 2022
Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, ...