In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Ransomware cost US banks $1.2 billion last year
November 2, 2022
Banks in the US paid out nearly $1.2 billion in 2021 as a result of ransomware attacks, a marked rise over the year before though it may simply be due to more financial institutions being asked to report incidents. The figures come from the most recent Financial Trend Analysis report on ransomware from the US ...
- OpenSSL downgrades horror bug after week of panic, hype
November 1, 2022
OpenSSL today issued a fix for a critical-turned-high-severity vulnerability that project maintainers warned about last week. After days of speculation, infosec professionals and armchair bug hunters received more of a trick than a treat on November 1: two CVE-tagged security issues, both rated “high” severity, to patch. One flaw was earlier rated “critical,” though it has ...
- Ransomware is a global problem and getting worse, says US
November 1, 2022
The White House has brought together dozens of nations as well as representatives from big tech companies for a two-day summit aimed at figuring out how to tackle the global ransomware problem. “When you look at government networks, as we know — Costa Rica; Montenegro; Bank of Zambia; the city of Palermo, Italy, — this is ...
- APT trends report Q3 2022
November 1, 2022
For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on Kaspersky threat intelligence research; and they provide a representative snapshot of what Kaspersky researchers have published and discussed in greater detail in their private APT ...
- APT10: Tracking down LODEINFO 2022, part I
October 31, 2022
Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020. The malware was regularly modified and upgraded by the developers to target media, diplomatic, governmental and ...
- Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure
October 31, 2022
While advanced persistent threats get the most breathless coverage in the news, many threat actors have money on their mind rather than espionage. You can learn a lot about the innovations used by these financially motivated groups by watching banking Trojans. Because attackers constantly create new techniques to evade detection and perform malicious acts, studying monetarily ...