In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Conti Ransomware Gang: An Overview
December 18, 2021
Conti ransomware stands out as one of the most ruthless of the dozens of ransomware gangs that we follow. The group has spent more than a year attacking organizations where IT outages can have life-threatening consequences: hospitals, 911 dispatch carriers, emergency medical services and law enforcement agencies. Ireland has yet to recover from an attack ...
- Over Log4j? VMware has another critical flaw for you to patch
December 17, 2021
VMware customers have probably had a busy week because more than 100 of the IT giant’s products are impacted by the Log4j bug. Now they need to make another urgent patching effort, because the virty giant has identified another critical flaw in its products that it rates as requiring urgent attention. Security advisory VMSA-2021-0029, which pertains CVE-2021-22054, ...
- US federal agency compromised in suspected APT attack
December 17, 2021
A sophisticated threat actor has gained access and has backdoored the internal network of a US federal government agency. The security firm did not name the agency in its report, but The Record understands that the target of the attack was the United States Commission on International Religious Freedom (USCIRF). According to its website, the USCIRF is ...
- Meta bans ‘cyber-mercenaries’ that targeted 50,000 people
December 17, 2021
Meta, Facebook’s parent company, has banned several “cyber-mercenary” groups thought to have been offering surveillance services aimed at activists, dissidents and journalists worldwide. The social media giant said on Thursday it had begun warning about 50,000 people it believed may have come under scrutiny across more than 100 nations. The Facebook parent said it deleted accounts tied ...
- A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
December 16, 2021
Google Project Zero researchers want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with them, and Apple’s Security Engineering and Architecture (SEAR) group for collaborating with Google Project Zero on the technical analysis. The editorial opinions reflected below are solely Project Zero’s and do not necessarily reflect those of the organizations ...
- PseudoManuscrypt: a mass-scale spyware attack campaign
December 16, 2021
In June 2021, Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT group’s arsenal. In 2020, the group used Manuscrypt in attacks on defense enterprises in different countries. These attacks are described in the report “Lazarus targets defense industry with ThreatNeedle“. Curiously, the ...