In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- An Investigation Into SS7 Exploitation Services On The Dark Web
November 17, 2021
In this latest investigative article SOS intelligence researchers will be taking a look at alleged SS7 exploitation services on the Dark Web and diving into their credibility using SOS Intelligence analytics toolkit. SS7 Significance & Background Signalling System 7 is a telecommunications protocol adopted internationally that defines how the network elements in a public switched telephone network ...
- Russian ransomware gangs start collaborating with Chinese hackers
November 17, 2021
There’s some unusual activity brewing on Russian-speaking cybercrime forums, where hackers appear to be reaching out to Chinese counterparts for collaboration. These attempts to enlist Chinese threat actors are mainly seen on the RAMP hacking forum, which is encouraging Mandarin-speaking actors to participate in conversations, share tips, and collaborate on attacks. According to a new report by ...
- Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
November 16, 2021
Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation state actor activity during a session titled “The Iranian evolution: Observed changes ...
- Ransomware gangs are now rich enough to buy zero-day flaws
November 16, 2021
Cyber criminals are becoming more advanced as they continue to find new ways to deliver attacks, and some are now willing to buy zero-day vulnerabilities, something more traditionally associated with nation-states. Knowledge about vulnerabilities and exploits can command a high price on underground forums, because being able to take advantage of them can be very profitable ...
- FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment
November 16, 2021
Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out to thousands of people from the FBI’s own email system on Friday night, has fingered the guy who allegedly pulled off the exploit. Troia – white hat threat hunter, cybercrime investigator and founder of security firms Night Lion Security and its rebranded version, Shadowbyte ...
- Emotet, once the world’s most dangerous malware, is back
November 16, 2021
Emotet, once described as “the world’s most dangerous malware” before being taken down by a major international police operation, is apparently back – and being installed on Windows systems infected with TrickBot malware. Emotet malware provided its controllers with a backdoor into compromised machines, which could be leased out to other groups, including ransomware gangs, to ...