In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Conti vs. LockBit: A Comparative Analysis of Ransomware Groups
June 27, 2022
Trend Micro has been monitoring the leak sites of multiple ransomware groups since November 2019 and continuously looking at the number and composition of organizations that have been victimized and whose information has been publicized by these groups. As a result of their research thus far, Conti and LockBit stand out in terms of their ...
- CISA Adds Eight Known Exploited Vulnerabilities to Catalog
June 27, 2022
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date ...
- Cyberattack forces Iran steel company to halt production
June 27, 2022
One of Iran’s major steel companies said Monday it was forced to halt production after being hit by a cyberattack, apparently marking one of the biggest such assaults on the country’s strategic industrial sector in recent memory. The Iranian government did not acknowledge the disruption or blame any specific group for the assault on the state-owned ...
- Russian hackers claim responsibility for cyberattack on Lithuania
June 27, 2022
Russian hacker group Killnet has claimed responsibility for a denial-of-service (DDOS) cyberattack on Lithuania, saying it was in response to the decision by Vilnius to block the transit of some sanctioned goods to the Russian exclave of Kaliningrad. Lithuanian state and private institutions were hit by the denial-of-service cyberattack on Monday, the Baltic country’s National Cyber ...
- Clever phishing method bypasses MFA using Microsoft WebView2 apps
June 26, 2022
A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim’s authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant. However, the increasing adoption of multi-factor authentication (MFA) has made ...
- Automotive fabric supplier TB Kawashima announces cyberattack
June 25, 2022
TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack. The company did not confirm but there is reason to suspect that it is dealing with an attack from the LockBit ransomware group. TB Kawashima is a manufacturer ...