In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Estonia hit by ‘most extensive’ cyberattack since 2007 amid tensions with Russia over Ukraine war
August 17, 2022
Estonia was subject to “the most extensive cyberattack” since 2007, the Baltic state’s government said on Thursday, a day after it started removing Soviet-era war monuments from public areas in the wake of Russia’s February invasion of Ukraine. The Russia-based and pro-Russia hacker group Killnet said on the messaging app Telegram that it was responsible for ...
- Switching side jobs: Links between ATMZOW JS-sniffer and Hancitor
August 17, 2022
The hacker group ATMZOW and its JavaScript-sniffer became known in 2020, thanks to the Malwarebytes researchers, when the group installed a JS sniffer on a website that was collecting donations for victims of the Australia bushfires. However, based on a specific obfuscation technique used by the group, we can track its activities back to 2015 as ...
- BlackByte ransomware gang is back with new extortion tactics
August 17, 2022
The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit. After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls. The data leak site only includes one ...
- North Korean hackers use signed macOS malware to target IT job seekers
August 17, 2022
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. While it is no surprise that they’re targeting workers at Web3 companies, details about this specific social engineering campaign so far were limited to malware for the Windows ...
- Malware devs already bypassed Android 13’s new security feature
August 17, 2022
Android malware developers are already adjusting their tactics to bypass a new ‘Restricted setting’ security feature introduced by Google in the newly released Android 13. Android 13 was released this week, with the new operating system being rolled out to Google Pixel devices and the source code published on AOSP. As part of this release, Google attempted ...
- Shuckworm: Russia-Linked Group Maintains Ukraine Focus
August 17, 2022
Recent Shuckworm activity observed by Symantec, a division of Broadcom Software, and aimed at Ukraine appears to be delivering information-stealing malware to targeted networks. This activity was ongoing as recently as August 8, 2022 and much of the activity observed in this campaign is consistent with activity that was highlighted by CERT-UA on July 26. The ...