In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- CISA: Preparing Critical Infrastructure for Post-Quantum Cryptography
August 24, 2022
Nation-states and private companies are actively pursuing the capabilities of quantum computers. Quantum computing opens up exciting new possibilities; however, the consequences of this new technology include threats to the current cryptographic standards. These standards ensure data confidentiality and integrity and support key elements of network security. While quantum computing technology capable of breaking public ...
- Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
August 24, 2022
There have already been reports on code-signed rootkits like Netfilter, FiveSys, and Fire Chili. These rootkits are usually signed with stolen certificates or are falsely validated. However, when a legitimate driver is used as a rootkit, that’s a different story. Such is the case of mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game ...
- New ‘Donut Leaks’ extortion gang linked to recent ransomware attacks
August 23, 2022
A new data extortion group named ‘Donut Leaks’ is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. Two victims disclosed these attacks without much information regarding who was involved. Over the weekend, DESFA confirmed they suffered a cyberattack after Ragnar Locker leaked screenshots ...
- Legitimate SaaS Platforms Being Used to Host Phishing Attacks
August 23, 2022
Instead of creating phishing pages from scratch, more and more cybercriminals are now abusing legitimate software-as-a-service (SaaS) platforms, including various website builders or form builders, to host their phishing pages. Since these URLs are hosted on legitimate domains, they can be especially difficult for many phishing detection engines to detect. Furthermore, these platforms typically require ...
- Colorado: Cyber attack hits Fremont County government
August 23, 2022
Fremont County government services are being impacted by a cyber attack that began last week. According to a Facebook post made by Fremont County Emergency Management, county officials became aware of the attack, which was impacting county government systems, on Wednesday, Aug. 17. An incident response team led by Fremont County Emergency Management and the Governor’s Office ...
- New Iranian APT data extraction tool
August 23, 2022
As part of TAG’s mission to counter serious threats to Google and our users, they’ve analyzed a range of persistent threats including APT35 and Charming Kitten, an Iranian government-backed group that regularly targets high risk users. For years, Google TAG have been countering this group’s efforts to hijack accounts, deploy malware, and their use of ...