In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Wizard Spider hackers hire cold callers to scare ransomware victims into paying up
May 18, 2022
Researchers have exposed the inner workings of Wizard Spider, a hacking group that pours its illicit proceeds back into the criminal enterprise. On Wednesday, PRODAFT published the results of an investigation into Wizard Spider, believed to either be or be associated with the Grim Spider and Lunar Spider hacking groups. According to the cybersecurity firm, Wizard Spider, ...
- The BlackByte ransomware group is striking users all over the globe
May 18, 2022
The BlackByte ransomware group uses its software for its own goals and as a ransomware-as-a-service offering to other criminals. The ransomware group and its affiliates have infected victims all over the world, from North America to Colombia, the Netherlands, China, Mexico and Vietnam. Cisco Talos has been monitoring BlackByte for several months and Talos can confirm ...
- Emotet Summary: November 2021 Through January 2022
May 17, 2022
Emotet is one of the most prolific email-distributed malware families in our current threat landscape. Although a coordinated law enforcement effort shut down this malware in January 2021, Emotet resumed operations in November 2021. Since then, Emotet has returned to its status as a prominent threat. This blog provides a background on Emotet, and it reviews ...
- FBI: North Korea’s tech workers are posing as freelance developers, helping hackers
May 17, 2022
Skilled software and mobile app developers from North Korea are posing as US-based remote workers to land contract work as developers in US and European tech and crypto firms. The warning comes in a new joint advisory from The US Department of State, the US Department of the Treasury, and the Federal Bureau of Investigation (FBI) ...
- Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver
May 17, 2022
Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card. NVIDIA graphics drivers are software for NVIDIA Graphics GPU cards that are installed on PCs. The D3D10 driver communicates between the operating system and the GPU. It’s ...
- China reveals its top five sources of online fraud
May 17, 2022
China’s Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone. The e-commerce scam known as “brushing” topped the list and accounted for around a third of all internet fraud activity in China. Brushing sees victims lured into making payment for goods that may not be delivered, or ...