In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
October 27, 2022
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread. These infections lead to follow-on hands-on-keyboard attacks and human-operated ransomware activity. Microsoft continuous tracking of Raspberry Robin-related activity also ...
- Medibank now says hackers accessed all its customers’ personal data
October 27, 2022
Australian insurance firm Medibank has confirmed that hackers accessed all of its customers’ personal data and a large amount of health claims data during a recent ransomware attack. In an announcement published today, the companies warned that an internal investigation into the attack has shown that the threat actors had far greater access to customer data ...
- Feds accuse Ukrainian of renting out PC-raiding Raccoon malware to fiends
October 26, 2022
Mark Sokolovsky, 26, a Ukrainian national, is being held in the Netherlands while he awaits extradition to America on cybercrime charges, the US Justice Department said on Tuesday. Sokolovsky, said to have used the online names Photix, Raccoon Stealer, and black21jack77777, was indicted on November 2, 2021 by a federal grand jury for his alleged role ...
- Insider Threat: The Dangers Within
October 25, 2022
Mandiant has adopted the Cyber and Infrastructure Security Agency (CISA) definition of insider, which states, “An insider is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.” An insider threat is then the “potential for that insider to use their authorized access ...
- Hive claims ransomware attack on Tata Power, begins leaking data
October 25, 2022
Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. A subsidiary of the multinational conglomerate Tata Group, Tata Power is India’s largest integrated power company based in Mumbai. In screenshots seen by BleepingComputer, Hive operators have posted data they claim to have stolen from Tata Power, indicating that the ransom ...
- CISA Adds Six Known Exploited Vulnerabilities to Catalog
October 24, 2022
CISA has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added ...