In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Transparent Tribe begins targeting education sector in latest campaign
July 13, 2022
Cisco Talos recently discovered an ongoing campaign conducted by the Transparent Tribe APT group against students at various educational institutions in India. This campaign was partially covered by another security firm, but our findings reveal more details regarding the adversary’s operations. Typically, this APT group focuses on targeting government (government employees, military personnel) and pseudo-government entities ...
- From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
July 12, 2022
A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA). The attackers then used the stolen credentials and session cookies to access affected users’ mailboxes and perform follow-on business email compromise (BEC) campaigns against ...
- Hackers impersonate cybersecurity firms in callback phishing attacks
July 12, 2022
Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks. Most phishing campaigns embed links to landing pages that steal login credentials or emails that include malicious attachments to install malware. However, over the past year, threat actors have increasingly used “callback” phishing campaigns that impersonate well-known ...
- Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
July 11, 2022
It’s extremely rare for hackers, who operate in the digital world, to cause damage in the physical world. But a cyber-attack on a steel maker in Iran two weeks ago is being seen as one of those significant and troubling moments. A hacking group called Predatory Sparrow said it was behind the attack, which it said caused ...
- How Shady Code Commits Compromise the Security of the Open-Source Ecosystem
July 11, 2022
Traditionally, concerns over open-source code security have revolved around whether or not open-source code could contain vulnerabilities, backdoors, or hidden malicious code. In recent months, however, Trend Micro researchers have observed a growth in a particular trend: Open-source code is being subjected to modifications to its functionality to express political protest. These instances of so-called ...
- Private 5G Network Security Expectations Part 3
July 11, 2022
Trend Micro conducted a survey on private wireless network security in collaboration with 451 Research, part of S&P Global Market Intelligence, in four countries (Germany, the U.K, Spain, and the U.S.) across the manufacturing, electricity, oil and gas, and healthcare industries. Trend Micro have introduced this survey’s findings on the expectations for private 5G security ...