In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization in a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decodes and executes JavaScript code.
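A triage check for the pattern described above, as an added example that is not code from the original report: it pulls the HTML parts out of a raw message, finds eval(atob(…)) calls and decodes the Base64 argument for static review without executing it. The sample message, its placeholder tag and the function name find_eval_atob are constructed for illustration; the page does not show the real tags.

```python
import base64
import html
import re
from email import message_from_string
from email.policy import default

# eval(atob("...")) or eval(atob('...')), tolerating whitespace between tokens.
EVAL_ATOB = re.compile(
    r"""eval\s*\(\s*atob\s*\(\s*(["'])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)"""
)

def find_eval_atob(raw_message: str) -> list[dict]:
    """Return one finding per eval(atob(...)) call in the text/html parts."""
    msg = message_from_string(raw_message, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        # get_content() undoes quoted-printable/base64 transfer encoding;
        # html.unescape() exposes quotes hidden as entities such as &quot;.
        body = html.unescape(part.get_content())
        for match in EVAL_ATOB.finditer(body):
            blob = "".join(match.group(2).split())
            blob += "=" * (-len(blob) % 4)  # atob() accepts unpadded input
            try:
                # latin-1 mirrors atob(): one character per decoded byte.
                decoded = base64.b64decode(blob, validate=True).decode("latin-1")
            except ValueError:
                decoded = None  # not valid Base64; keep the hit for review
            findings.append({"offset": match.start(), "decoded": decoded})
    return findings

# Constructed sample: harmless script in a placeholder tag, not the real lure.
SAMPLE_JS = 'console.log("constructed sample")'
SAMPLE_B64 = base64.b64encode(SAMPLE_JS.encode()).decode()
SAMPLE_EML = (
    "From: sender@example.test\r\n"
    "To: user@example.test\r\n"
    "Subject: constructed sample\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    f"<html><body><x-tag attr='eval(atob(\"{SAMPLE_B64}\"))'></x-tag></body></html>\r\n"
)

if __name__ == "__main__":
    for finding in find_eval_atob(SAMPLE_EML):
        print(finding["offset"], repr(finding["decoded"]))
```
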
Source: Positive Technologies

